US20100318614A1 - Displaying User Profile and Reputation with a Communication Message - Google Patents
Displaying User Profile and Reputation with a Communication Message Download PDFInfo
- Publication number
- US20100318614A1 US20100318614A1 US12/483,427 US48342709A US2010318614A1 US 20100318614 A1 US20100318614 A1 US 20100318614A1 US 48342709 A US48342709 A US 48342709A US 2010318614 A1 US2010318614 A1 US 2010318614A1
- Authority
- US
- United States
- Prior art keywords
- entity
- communication
- reputation
- sender
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/107—Computer-aided management of electronic mailing [e-mailing]
Definitions
- the invention relates to a coordination entity.
- the invention relates to a sender entity.
- the invention furthermore relates to a recipient entity.
- the invention further relates to a communication system.
- the invention relates to a communication method.
- the invention relates to a program element.
- the invention further relates to a computer-readable medium.
- Internet-based communication systems involve the exchange of electronic communication messages between different users operating different computers.
- U.S. Pat. No. 7,457,955 discloses a trusted branded email method and an apparatus which detects branded electronic messages and performs validation before it is sent to a recipient.
- an electronic message is branded by embedding branding assets and cryptographic signatures. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are authentic.
- Communication over a communication network may still lack security and trustability.
- a coordination entity a sender entity, a recipient entity, a communication system, a communication method, a program element, and a computer-readable medium according to the independent claims are provided.
- a coordination entity for instance a coordination server computer for coordinating communication between a sender entity (for instance a sender computer and/or a communication message server (such as an email server) communicatively coupled to a sender computer) sending a communication message and a recipient entity (for instance a recipient computer and/or a communication message server (such as an email server) communicatively coupled to a recipient computer) receiving the communication message over a communication network
- the coordination entity comprising a registration receipt unit configured for receiving registration data from the sender entity indicative of an identity of the sender entity (for instance an identity of a sender computer and/or an identity of a communication message server (such as an email server) communicatively coupled to a sender computer) and comprising assigned user profile data of the sender entity, a determining unit configured for determining a reputation of the sender entity (particularly by querying a reputation database) based on the identity, and a user data transmission unit configured for transmitting the user profile data and
- a sender entity for sending a communication message to a recipient entity over a communication network
- the sender entity (particularly a previous behaviour of the sender entity) being characterized in the communication network by a reputation (particularly stored in a reputation database and assigned to the sender entity via the identity)
- the sender entity comprising a registration trigger unit configured for triggering a registration of the sender entity by sending registration data indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity to a coordination entity to enable the coordination entity for determining the reputation of the sender entity (particularly by querying the reputation database) based on the identity and for transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message
- a message sending unit for sending the communication message including the identity to the recipient entity.
- a recipient entity for receiving a communication message from a sender entity over a communication network
- the recipient entity comprising a message receiver unit configured for receiving the communication message from the sender entity including an identity of the sender entity, a request unit configured for sending a request for user profile data and a reputation of the sender entity to a coordination entity, the request including the identity of the sender entity, a user data receiver unit configured for receiving the user profile data and the reputation of the sender entity from the coordination entity in response to the request to the coordination entity, and a display unit configured for displaying the user profile data and the reputation together with the communication message.
- a communication system for communicating over a communication network comprising a sender entity having the above mentioned features for sending a communication message to a recipient entity over the communication network, the recipient entity having the above mentioned features for receiving the communication message from the sender entity over the communication network, and a coordination entity having the above mentioned features and coordinating communication between the sender entity and the recipient entity over the communication network.
- the various units in the above mentioned embodiments may be processors or may form part of a processor. Furthermore, the various units in the above mentioned embodiments may comprise storage resources or may have access to storage resources.
- a method of coordinating communication between a sender entity sending a communication message and a recipient entity receiving the communication message over a communication network comprises registering the sender entity based on registration data indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity, determining a reputation of the sender entity (particularly by querying a reputation database) based on the identity, and transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message, the transmitting being triggered in response to a request of the recipient entity including the identity.
- a program element for instance a software routine, in source code or in executable code
- a processor such as a microprocessor or a CPU
- a computer-readable medium for instance a CD, a DVD, a USB stick, a floppy disk or a harddisk
- a computer program is stored which, when being executed by a processor (such as a microprocessor or a CPU), is adapted to control or carry out a method having the above mentioned features.
- Data processing which may be performed according to embodiments of the invention can be realized by a computer program, that is by software, or by using one or more special electronic optimization circuits, that is in hardware, or in hybrid form, that is by means of software components and hardware components.
- the term “user profile data” may particularly denote displayable information giving an observer of the displayed data an impression regarding the identity and at least one property of the user. Hence, the profile data may render the user a round character for the observer.
- Such user profile data may include text and/or multimedia components describing the user.
- the user profile data may be related to the person operating the sender entity and may thus be in connection with a real person. However, it is also possible that the profile maps an abstract identity, for instance relates to a support department of a company to which the sender entity or the person operating the sender entity belongs.
- the term “reputation” or “reputation data” may particularly denote data or an information indicative of a probability whether a sender of a communication message can be considered as a trusted communication party or has to be considered as a (for instance potentially or definitely) untrusted communication party (for instance if there is a reasoned assumption that such a communication party might send or have sent spam messages, undesired advertisement, phishing messages, a computer virus, a trojan, etc.).
- the assignment of a reputation to a user may be performed based on an evaluation of the user's past behaviour as documented by a corresponding voting regarding this user by other users of a communication network.
- reputation data of a user may be in the form of a conduct value estimated based on user opinions and/or user experiences and/or programmatic evaluation of communication and/or message patterns.
- a reputation may also be determined or at least influenced by the affiliation or membership of a user to a social network. For instance, when a user is included in a list of trusted communication parties of a social network stored in a database of the coordination entity and/or of the recipient entity, this may be considered as a positive reputation.
- Different reputation items or aspects may be combined for deriving overall reputation data. For instance, an average of different positive and negative reputation items may be estimated to compute the reputation data.
- the resulting reputation can not only be a “digital” value (i.e.
- good reputation “yes” or “no”) can include more than two values (for instance “trusted”, “untrusted” and “trust level not decidable”) or can also include a numerical value within a range (for instance a percentage between 0 and 100%, a mark between 1 and 6, points between ⁇ 1000 and 1000, etc.).
- the term “identity” of the sender entity may particularly denote data related to the sender entity.
- the identity may be a specific or concrete identity (such as a name) directly representing a person operating the sender entity.
- identity may also denote an abstract identity (such as an email address, an IP address, a relation to a company or to a support department of a company, etc.) being assigned indirectly to the sender entity.
- the identity of the sender entity may denote information which is uniquely or unambiguously correlated to the sender entity.
- the sender entity or a natural person operating the sender entity may have one or multiple identities, for instance may have one or multiple email addresses.
- the identity of the sender unit may be authenticated and may be a trusted identity.
- a safe communication architecture may be provided in which a recipient of a communication message can easily and intuitively evaluate a risk whether the communication message is spam or not, based on a combination of two items of information: On the one hand, the recipient may download reputation information indicative of a reliability of the sender during communication over the communication network in the past. Such information may be taken from a reputation database in which identities of participants of the communication network can be ranked with a certain reputation, for instance reflecting the experience of other users of the network with the sender in the past. However, this criteria when taken alone may be not sufficiently accurate, and the reliability of such a reputation based spamming filter may be further refined by combining corresponding reputation information on a display with personalized profile data which can be also displayed to the recipient.
- the recipient may download both reputation data and user profile data from one or more communicatively coupled entities. Therefore, such reputation and user profile data do not have to be permanently stored locally by the recipient. Any update or change of such data only has to be managed centrally by the coordination entity, and not in a distributed way at each node of a network.
- the user profile data (for instance a photo of the sender) may be provided by the sender to the coordination entity together with her or his identity upon registration in the communication system.
- the combination of the display of a reputation of a user and the display of user profile data may give a recipient user a fast, easy, reliable and intuitive impression of the trustability of a communication message.
- the determining unit may be configured for determining the reputation of the sender entity by querying a reputation database based on the identity.
- the identity of the sender entity may be used as a search criteria for retrieving user reputation data from a database such as a mass storage device.
- the reputation database (which may have storage capabilities and may be realized as a mass storage device, for example) may store reputations for multiple entities (such as a large number of communication parties in the network), the reputations being provided by users of the communication network based on a previous experience with a corresponding one of the entities. For instance, each of the users may be enabled to provide a ranking for other users of the communication network regarding the exchange of communication messages with this user in the past. In case of bad experiences, for instance when a spamming mail was received from a sender, this may result in a bad ranking. In case of good experiences, a good ranking may be the consequence, for instance since a user provides a list of reliable users to such a database.
- the reputation database may be part of the coordination entity, or may be a separate storage device to which the coordination entity may have access. The reputation of a user may change over time, for instance since a behaviour of the user has changed. Thus, the reputation may be permanently updated.
- the reputation database may store reputation data for multiple communication entities, the reputations being provided in accordance with a membership of a corresponding one of the communication entities to a social network.
- the fact that a user belongs to or is a member of a trusted (or untrusted) community may have an influence on the classification of such a user to have a good reputation (or a bad reputation).
- the reputation database may store reputations for multiple communication entities, the reputations being determined (particularly calculated in accordance with a predefined algorithm) based on user and/or automatically evaluated feedback provided by users via the communication network and representing an experience of users with respective ones of the multiple communication entities.
- the term automatically evaluated feedback may denote that automatic feedback can also have an impact on the reputation (e.g. from spamtraps).
- users of the communication network may (qualitatively or quantitatively) evaluate individual communication entities or persons operating such communication entities in the light of their previous behaviour in the communication network.
- a user may provide the information that an individual communication entity is a trusted entity (in view of a positive experience of the voting user with this communication entity).
- a user having previously provided a positive evaluation of a communication entity later revokes or modifies the evaluation after a new (for instance less positive or negative) experience with this communication entity.
- an evaluation representing a good relation to a communication entity may also be modified over time allowing for a dynamic update of the reputation data.
- a user may provide the information that an individual communication entity is an untrusted entity (in view of a negative experience of the voting user with this communication entity).
- exclusively a positive voting is possible.
- exclusively a negative voting is possible.
- both a positive voting or a negative voting is possible.
- the coordination entity may calculate reputation data from the votings in a user-specific way in accordance with a predefined calculation scheme.
- a calculation scheme may be the addition of “+1” to the reputation of a communication entity as a result of a positive voting, and the reduction of the reputation by “ ⁇ 1” as a result of a negative voting.
- many other calculation schemes may be applied as well.
- the coordination entity may be realized as a plurality (for instance two, three, four or more) of separate servers.
- Such servers may be communicatively coupled to one another to enable data exchange between the servers. They may be located remotely with respect to one another.
- the plurality of separate servers may store the user profile data and/or the reputation at least partially redundantly.
- user profile data and/or the reputation data corresponding to a respective jurisdiction for instance the US
- the partially redundant storage may also be managed in accordance with one or more other criteria.
- the message sending unit may be configured for sending the communication message to the recipient entity with a signature indicative of the identity.
- signature may relate to a data section (such as a textual portion) of an email or another communication message indicative of a sender of this communication message.
- a (for instance digital) signature may be obtained by applying a cryptographic procedure wherein, by using a private key (which may be secret), a number (for instance a so-called digital signature) may be calculated.
- a public key which may be publically available and not secret
- the analysis of the signature may be the first check of the reliability of the message.
- the unsuccessful analysis of the signature may be sufficient to reject the communication message.
- the communication message may be further processed and displayed together with reputation data and user profile data. This may allow to further increase reliability of the system.
- the signature can be used to confirm the authenticity of a transmitted identity.
- the recipient entity may further comprise a signature evaluation unit configured for evaluating a signature of the communication message, the signature being indicative of the identity.
- the signature may be checked by the recipient entity to verify the correct identity of the sender entity.
- the signature evaluation unit may further be configured for classifying the communication message as invalid in case that the evaluation of the signature fails. Thus, a wrong signature alone may be sufficient for refusal of the communication message so that the consequence can be that this communication message is transferred to a spam folder.
- the recipient entity displays the communication message in an inbox folder, however without profile data and without reputation data.
- the signature evaluation unit may be configured for inhibiting the receiving of the user profile data and of the reputation of the sender entity in case that the evaluation of the signature fails. Therefore, when the signature is not verified, it is no longer necessary that traffic is generated over a communication network for receiving user profile data and reputation by contacting a coordination server. This allows for an efficient use of processing and storage resources of the communication system.
- the display unit may be configured for graphically displaying the reputation.
- the display unit may be a monitor or the like (for instance a liquid crystal display, a cathode ray tube, a plasma display device or the like).
- the communication message is an email
- a click on an email may open a computer window which shows a graphical indication of the reputation.
- This may be a numeric value, for instance a percentage, being quantitatively indicative of the reliability of the user of the sender entity. It is also possible to display the reputation as a bar plot since this is a very intuitive way of reporting to the user at a glance whether the communication message is reliable or not.
- a very short bar may indicate a low degree of reliability
- a very long bar may indicate a high degree of reliability.
- the reputation may also be displayed using a color code wherein the color may be indicative of the reputation.
- a green button may indicate trustability of the user of the sender entity
- a red button may indicate untrustability of the user of the sender entity
- a yellow button may indicate that trustability of the user of the sender entity is difficult or impossible to be decided.
- red, green and yellow may have a similar (and therefore intuitive) meaning as the colors of a traffic light.
- the display unit may be configured for simultaneously displaying the user profile data and the reputation together with the communication message.
- user profile data, reputation and communication message may be displayed on the same computer window.
- Such a window may be considered as a two dimensional object arranged on a desktop.
- the message, the reputation and the user profile may be displayed at the same time so that it is very convenient for a user to see the message content, information regarding the person having sent the message and an evaluation of the trustability of this person.
- the recipient entity may comprise a classification unit configured for classifying the communication message based on the reputation.
- Multiple classes of communication messages may be defined, wherein each class may for instance be assigned to an email folder in which the email message may be shifted if it belongs to the respective class.
- the downloaded reputation data may be analyzed regarding one or more predefined criteria for a decision of the recipient entity to which class the message should be classified (for instance whether a communication message should be treated as a regular email or should be shifted to a spam folder).
- the classification may be used as a filter criteria regarding spam. This spam filter criteria may be the only one or may be combined with one or more further filter criteria, for instance a text based filter criteria.
- Text or content filtering techniques may check on typical spam words, URLs that lead to known spam websites, invalid email formats or known fingerprints of spam mail bodies.
- this content filtering technique may be combined with a delivery source filtering method checking for invalid sending IPs, for instance using a reputation of a user from a reputation database for evaluating the risk of a spam mail.
- a “black-white-listing” may be implemented for a user.
- this email may be displayed in a specific representation mode, for instance in grey color. Only upon specific request, the recipient can receive the profile and reputation data and can trust these data. Only subsequently, the profile data may then be displayed as described above, for instance with a traffic light code.
- a black-white listing may provide a social network component providing for a link between different users.
- the identity of the sender unit may be an authenticated identity.
- This embodiment relies on the highly advantageous combination of the verification of an authenticated sender identity with the provision of reputation data and user profile data. This may render the communication system more secure and may make forgery of the identity and of the assigned user profile data more difficult or even impossible.
- the profiles are based on an authenticated identity of the sender entity, it can be made very difficult or almost impossible that an unauthorized party of the communication network provides profile data related to another person party and therefore mimics another entity's identity. Consequently, it may be ensured that profile data provided by the system according to the described embodiment in fact relate to the sender entity. For instance, this can be ensured by a signature which may be added to the sent communication message.
- the transmission of a signature together with the communication message may allow the recipient unit to confirm that the signature is correct and that hence the sender can be considered as an authorized sender.
- This verification can then also ensure that during the communication of the recipient entity with the coordination entity, profile data related to an authenticated user is downloaded.
- profile data may for instance be transmitted from the coordination entity to the recipient entity in an encrypted manner (for instance SSL encrypted) and/or using the signature. Since the verification of a signature may require a key (for instance a public key or any other code), the authenticated identity of the sender entity may be verified.
- a key for instance a public key or any other code
- the communication message may be an email.
- An email or electronic mail may be denoted as an item of worldwide electronic communication in which a computer user can compose a message at one terminal that can be regenerated at the recipient's terminal when the recipient logs in.
- other kinds of electronic communication messages may be handled according to exemplary embodiments, such as SMS (Short Message Service) messages, MMS (Multimedia Messaging Service) messages, etc.
- SMS Short Message Service
- MMS Multimedia Messaging Service
- a user profile in combination with reputation data are displayed on a display of a phone such as a mobile phone in case of an incoming call.
- a user of the phone may then decide whether the phone call is answered or not. In case of a low reputation (for instance indicating that the caller is an untrusted party) of the caller, the user will receive this information before answering the call.
- the user profile data and the reputation may be displayed in combination with a telephone number or an assigned identity (such as a name) of the caller. The phone may download both the user profile and the reputation from the coordination entity upon receipt of the incoming call.
- the communication may be in accordance with a Domain Key Identified Mail (DKIM) architecture.
- DKIM Domain Key Identified Mail
- a public key may be deposited in a DNS (domain name system) server.
- DNS domain name system
- the DNS server may be a different one or the same server as the coordinating server providing the user profile data and the reputation data to the recipient entity.
- a recipient entity desiring to validate a signature of a received communication message may then contact the DNS server to obtain the public key for validation of the signature.
- a authenticated identity can be derived from the DKIM user and domain parts. This DKIM identity can be directly used by the coordinating entity.
- DKIM communication In Domain Key Identified Mail communication
- a DKIM reputation database may be used in which identities of spammers are collected that are sending DKIM valid mails (to spam traps). These reputation data may be provided as a DNS blacklist which is accessible to anybody and can be used as a spam filter criteria.
- DKIM signature check which will check a DKIM signature on message delivery and may notify a user when a signature is invalid.
- a DKIM notification service may send an email to a user when a mail domain is listed in the blacklist.
- a DKIM reputation query a user can check an own DKIM reputation. This can be done by entering an email address and a domain name of a signing party.
- DKIM is included in the industrial standard RFC 4871.
- emails may be automatically signed with a signature based on the DKIM standard.
- verified spam mails may be collected, and their senders may be added to a reputation database that can be used in spam mail filtering.
- a bad score may be given to DKIM spammers, and a slightly good score to other, good DKIM senders.
- a validation of a signed communication message (sent from the sender entity to the recipient entity) by the recipient unit may be performed based on a public key which is included as part of the transmitted communication message in the form of a verifiable certificate of a public key infrastructure (PKI).
- PKI public key infrastructure
- Kerberos may be denoted as a computer network authentication protocol which may allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Such a technology may be particularly applied to a client server system and provides mutual authentication. Both the user and the server may verify each others identity. Kerberos may implement symmetric key cryptography and may require a trusted third party. A Kerberos architecture may be particularly appropriate in an intranet.
- the user profile data may comprise image data showing the user operating the sender entity, image data including a photo of the user operating the sender entity, image data including a logo assigned to the user (or a company or association to which the user belongs), text data having a relation to the user, audio data having a relation to the user, audiovisual data having a relation to the user, multimedia data having a relation to the user, a link to a node of a communication network (for instance a link to a homepage of the user) and/or contact information for contacting the user.
- a user profile may be denoted as the collection of personal data associated to a specific user.
- the profile may refer therefore to the electronic representation of a person's identity or may be an abstract profile which is only indirectly linked to a person (for instance a profile of a company to which a person belongs).
- Such profile data may be supplied in combination with the identity of the user by the user upon registering at the coordination entity.
- profile data may be sent from the coordination entity to the recipient entity.
- the reputation data may be indicative of a rating of a behavior of a user of the sender entity regarding a previous communication over the communication network.
- a voting may be contributed for each user of a communication network so that the total opinion of the users regarding a specific participant may be reflected in the reputation database.
- the reputation data may be indicative of a probability that the communication message of a user of the sender entity is a spam message. Therefore, the reputation data may be used as a spam filtering criteria as well.
- the communication network may be the public Internet. In the public Internet it is very important that spam mails are suppressed because here it is very difficult to control spamming activities. However, it is also possible that the system is implemented on an intranet, for instance a network operated by an institution or a company. Here, a central server may be used as a trusted entity which manages the user profiles as well as the reputation.
- the sender entity and/or the recipient entity may comprise an email client or may be communicatively coupled to an email server providing an email client.
- Such an email client may be a browser via which a user may monitor her or his emails regularly. During such a monitoring, a user has only few time to decide whether an email is read in detail or is refused as spam.
- the intuitive combination of user profile data and reputation may be a considerable simplification for a user allowing to decide in a very short time whether an email is considered as a spam or not.
- DKIM verification may be used as a spam filter criteria.
- a DKIM signed email may be used as a basis for an identity based filtering.
- the identity may be included in the email, for instance in an email header verifiable by a checksum or the like. If the checksum is okay, the email message may be basically accepted and can be displayed in an inbox folder of an email client.
- a more detailed analysis of the reliability of such an email may be performed by considering as well the reputation of the user provided by the reputation database and user profile data displayed simultaneously.
- the identity may be linked to profile data for the sake of spam filtering.
- components from a social network (certified sender) may be used.
- a database may be accessed which includes spam relevant information as well as user profile data.
- Exemplary embodiments of the invention are based on an identification system such as the Domain Key Identified Mail (DKIM) which allows the identification of systems via which an email has been transferred over a global mail network.
- DKIM Domain Key Identified Mail
- asymmetric cryptographic methods may be applied.
- Such an identification system may be combined with a reputation database.
- DKIM it is possible to assign reputations to DKIM identities, for instance to rank spammers with a low reputation in order to reduce a probability that a corresponding email is not classified as a spam email.
- FIG. 1 illustrates a communication system according to an exemplary embodiment of the invention.
- FIG. 2 illustrates a display of an email client such as Mozilla Thunderbird in which an email is displayed as a combination of a message text, profile data of a user as well as a user reputation.
- an email client such as Mozilla Thunderbird
- FIG. 2 illustrates a display of an email client such as Mozilla Thunderbird in which an email is displayed as a combination of a message text, profile data of a user as well as a user reputation.
- FIG. 3 schematically illustrates communication between a sender entity, a recipient entity and a coordination entity in a communication system based on DKIM according to an exemplary embodiment.
- FIG. 4 illustrates a system architecture of a communication network according to an exemplary embodiment.
- FIG. 5 is a more detailed view of the communication architecture of FIG. 4 .
- FIG. 6 illustrates a DKIM communication network according to an exemplary embodiment of the invention.
- FIG. 7 illustrates a communication system according to an exemplary embodiment of the invention in which a public key for validating a signature of an email is included in the email.
- FIG. 8 illustrates a Kerberos communication system according to an exemplary embodiment of the invention.
- FIG. 1 a communication network 100 according to an exemplary embodiment of the invention will be explained.
- the communication network 100 comprises a sender entity 102 (for instance a personal computer operated by a sender user) for sending a communication message 104 to a recipient entity 106 (for instance a further personal computer operated by a recipient user).
- the communication network 100 furthermore comprises the recipient entity 106 receiving the communication message 104 from the sender entity 102 over the communication network 100 .
- a server 108 acting as a coordination entity is provided for coordinating communication between the sender entity 102 and the recipient entity 106 over the communication network 100 .
- a message transfer server such as an email server (not shown in FIG. 1 ) of the sender entity 102 and a message transfer server such as an email server (not shown in FIG. 1 ) of the recipient entity 106 as well as further message transfer servers (for instance intermediate email servers) may be provided as well in the communication path between the sender entity 102 and the recipient entity 106 .
- message transfer servers may be separate entities in addition to entities 102 , 106 or may be part of entities 102 , 106 and integrated therein.
- Previous experiences of users of the communication network 100 with the sender entity 102 are characterized by a reputation value 144 which is stored in a reputation database 110 such as a mass storage device.
- the reputation 144 of the sender entity 102 is indicative of the reliability and the trustability of the sender entity 102 in previous communication procedures.
- Any third party 112 having communicated with the sender entity 102 in the past, i.e. having exchanged communication messages with the sender entity 102 may provide a ranking of the sender entity 102 regarding the trustability of this sender entity 102 . If the sender entity 102 has sent spam messages in the past to the third party 112 , the third party 112 may evaluate the reputation 144 of the sender entity 102 in a negative way.
- the third party 112 may evaluate the sender entity 102 in a positive manner by providing respective reputation reports to the reputation database 110 .
- the reputation database 110 stores reputation data 144 also for a plurality of other users of the communication network 100 .
- the sender entity 102 comprises a registration trigger unit 114 configured for triggering a registration of the sender entity 102 at the server 108 by sending registration data indicative of an identity 138 of the sender identity 102 and sending user profile data 140 of the sender entity 102 to the server 108 .
- an identity 138 (or data allowing to derive an identity 138 ) of the sender entity 102 is supplied to the server 108 in connection with user profile data 140 , for instance a photo of a person operating the sender entity 102 .
- the sender entity 102 may comprise a message sending unit 116 for sending the communication message 104 including the identity 138 of the sender entity 102 and including a signature 142 to the recipient entity 106 .
- the identity 138 may be the domain or the email address or the URL or the IP address or a sender specific ID of the sender entity 102 .
- the signature 142 may be a DKIM signature allowing the recipient entity 106 to decide whether the communication message 104 is a DKIM valid message, by analyzing the signature 142 . Additionally or alternatively, other signatures may be implemented as well.
- the server 108 comprises a registration receipt unit 118 configured for receiving the registration data from the sender entity 102 indicative of the identity 138 of the sender entity 102 and comprising the assigned user profile data 140 of the sender entity 102 .
- the server 108 may comprise or may communicate with a user profile database 120 such as a mass storage device for storing the user profile data 140 supplied from the registration trigger unit 114 of the sender entity 102 to the server 108 .
- a user profile database 120 such as a mass storage device for storing the user profile data 140 supplied from the registration trigger unit 114 of the sender entity 102 to the server 108 .
- the user profile database 120 and the reputation database 110 are shown as separate databases, but may also be realized as one common database or one common mass storage device.
- the server 108 further comprises a determining unit 122 for determining or retrieving the reputation 144 of the sender entity 102 by querying the reputation database 110 based on the identity 144 serving as a search criteria for querying the reputation database 110 .
- the identity 138 is used as a search criteria for querying the reputation database 110 , the corresponding reputation 144 assigned to this identity 138 may be returned to the server 108 .
- the recipient entity 106 comprises a message receiver unit 124 for receiving the communication message 104 from the sender entity 102 including the identity 138 of the sender entity 102 and including the (optional) signature 142 .
- a signature evaluation unit 126 may then verify the signature 142 of the communication message 104 .
- the signature evaluation unit 126 may bidirectionally communicate with a DNS (Domain Name System) server 180 . If the signature evaluation unit 126 identifies the communication message 104 to be invalid due to a wrong signature 142 , the communication message 104 may be directed into a spam folder or may be classified as spam. In other words, a correct signature 142 may be the qualification for the communication message 104 to be further evaluated or considered as a valid email.
- DNS Domain Name System
- a request unit 128 is activated which is configured for requesting transmission, from the server 108 , of the user profile data 140 and the reputation data 144 assigned to the sender entity 102 .
- the corresponding request 130 is received by a user data transmission unit 132 of the server 108 which is configured for transmitting the user profile data 140 after having queried the user profile database 120 (using the identity 138 as a search criteria) and the reputation data 144 (using the identity 138 as a search criteria) after having queried the reputation database 122 .
- a response 134 is sent from the user data transmission unit 132 to the user data receiver unit 128 .
- a display unit 136 of the recipient unit 106 displays the user profile data 140 and the reputation 144 together with the communication message 104 .
- the message 104 may be presented to a human user visually in combination with a profile of the user, i.e. a profile of the sender 102 so as to allow a social networking with an email.
- the reputation 144 of the sender entity 102 is displayed at the same time. This may overcome the conventional problem of a poor trustability of message-based communication in view of activities such as address spoofing or phishing. It is possible that the sender entity 102 is visualized by the user profile data 140 .
- the email 104 may be personalized by visually displaying a user profile 140 (for instance images, multimedia, contact information or the like) when monitoring an email 104 .
- the reputation 144 of the sender 102 is assigned to the user identity 138 .
- Exemplary embodiments may allow to constitute a social network of email contacts by managing confidential relationships. Hence, the described embodiment allows social networking with emails.
- FIG. 2 illustrates a screenshot 200 of an email client such as Mozilla Thunderbird.
- FIG. 2 illustrates the communication message 104 , i.e. a text content thereof, in combination with a photo 140 (optionally also with a logo such as a corporate symbol 210 ) as an example for user profile data.
- a bar plot 144 is shown being indicative of a reputation value of the sender, i.e. of the person shown in the photo 140 .
- a traffic light image (or a traffic light like image) may be displayed in which a red, yellow or green spot is displayed to indicate that the reputation of the user is trusted (for instance green), untrusted (for instance red) or undecidable (for instance yellow).
- the simultaneous display of the content of the communication message 104 with the user profile 140 and the reputation 144 allows a user to easily decide intuitively whether the sender 102 is reliable or not.
- the reputation 144 and the user profile 140 are not only indicated in a window 220 showing the entire email data 104 , but also in an overview window 230 showing a list of various available emails.
- the reputation 144 and user profile 140 display feature In order to implement the reputation 144 and user profile 140 display feature in an email client such as Mozilla Thunderbird or the like, it is possible to add a plug-in which provides this additional service. It is also possible that the corresponding software is directly implemented in the source code of the email client for providing the reputation 144 and user profile 140 display feature.
- FIG. 3 schematically illustrates a DKIM procedure.
- a user may operate a terminal 300 communicating with a corresponding mail server 302 .
- Entities 300 and 302 may represent the sender entity 102 in FIG. 1 .
- a corresponding DKIM signed email 104 may then be sent to a mail server 304 of a recipient communicating via a user terminal 306 .
- Entities 304 and 306 may represent a recipient entity 106 as shown in FIG. 1 .
- Reputation database 110 may be queried by the recipient entity 106 to derive further information regarding the reputation 144 of the sender entity 102 .
- FIG. 4 illustrates a communication system 400 according to another exemplary embodiment.
- a computer may be equipped with a profile plug-in 402 to form the sender entity 102 communicating with the profile server 108 and the recipient 106 which may also be a computer equipped with a profile plug-in 404 .
- a profile cache 406 may be provided.
- Profile cache 406 may include a copy of data (such as reputation data 144 and/or user profile data 140 ) which data is also stored in the profile server 108 .
- data such as reputation data 144 and/or user profile data 140
- all reputation data 144 and user profile data 140 may be centrally stored at the profile server 108
- profile cache 406 only includes a subset of the reputation data 144 and/or user profile data 140 .
- Such an architecture may render the system appropriate also for very large numbers of users.
- profile server 108 may be located in Germany and profile cache 406 may be located in the US.
- profile cache 406 may be more easily or faster accessible as compared to profile server 108 so that data relevant for US users may be copied into profile cache 406 .
- the profile plug-in 402 may communicate with profile server 108 for a first time registration, for instance also including profile updates, registering of present email identities (user name and password, authentication at the profile server 108 ).
- a profile ID may be supplied from the profile server 108 to the profile plug-in 402 by a communication message 410 , if necessary in connection with further data such as key pairs.
- Email 104 may be transmitted from the sender entity 102 to the recipient entity 106 . If necessary, email headers may be inserted before the transmission of the email 104 for a qualified signature 142 or an additional identification on the recipient 106 side.
- user-based identities 138 may be recognized in the email 104 , if necessary a profile ID may be assigned.
- the profile ID may be resolved and the profile data may be transmitted.
- the profile data may include texts, URLs, multimedia files, etc.
- FIG. 5 is a more detailed illustration of a communication system 400 shown in FIG. 4 .
- the server 108 comprises the profile database 120 for providing user profile data 140 , an external database 110 for providing reputation data 144 and a profile generator 500 which may have processing resources.
- the profile generator 500 may be configured for composing profile data 140 such as images, URLs, multimedia data, and individual reputations 144 .
- FIG. 5 illustrates that one or more external data sources may be added to the communication architecture according to an exemplary embodiment.
- the system is adapted for a DKIM communication.
- the transmission of the email 104 may include the insertion of a DKIM signature by a direct provider (first party signature).
- a DKIM validation and, if necessary, a calculation of the DKIM identity may be performed.
- the profile plug-in 404 and the profile cache 406 may communicate to resolve the profile ID and to trigger transmission of the profile data.
- available email identities may be registered by email transmission to the profile server 108 (user name plus password, authentication at the profile server 108 ).
- FIG. 6 illustrates that entities 106 , 404 communicate with DNS server 180 .
- entities 106 , 404 may download from DNS server 180 a public key based on an identity of a mail server of the sender entity 102 . Based on this key, the signature may be verified by the recipient entity 106 . In other words, an identity of the mail server on domain level may be correlated with an identity of the sender on user level.
- a communication system 700 shown in FIG. 7 differs from the communication system 600 shown in FIG. 6 in that FIG. 7 relates to a so-called User Key Identified Mail (UKIM) architecture.
- the transmission of the email 104 is performed with the insertion of an email header prior to the email transmission including an UKIM signature via From, To, Timestamp, Reference, Body-Hash, Body-Length and including the certificate.
- the UKIM signature is validated.
- the profile ID included also in the certificate may be accepted.
- the profile data are transmitted.
- a first time registration at the profile server 108 is performed, if necessary profile updates are transmitted (user name and password, authentication at the profile server 108 ).
- a profile ID is assigned, a private key and a certificate with a common name is assigned, which is the profile ID.
- a public key of the sender entity 102 is included in the email 104 .
- a signature is verifiable by the recipient 106 without the necessity of contacting a DNS server (as in FIG. 6 ).
- a recipient entity 106 is not dependent on whether such a DNS server supports a used communication architecture such as DKIM or not. Therefore, including a public key for signature validation directly in the email may allow to provide a more flexible system.
- recipient entity 106 may therefore validate communication message 104 without the need to access an external database.
- a communication system 800 shown in FIG. 8 relates to a Kerberos enabled environment.
- a user profile is created at a domain controller, if necessary profile updates are communicated.
- Communication message 410 relates to the assignment of a profile ID, i.e. a user name.
- an email header is introduced by a mail server (based on a Kerberos authentication), a so called authentication header comprising a security token.
- the security token authentication header is validated by the client.
- From-Header may be used as a profile key or identity.
- the profile data is transmitted (based on the From-Address).
- the Kerberos architecture of FIG. 8 is particularly appropriate for an Intranet being limited to a defined number of communication nodes in contrast to the unlimited public Internet.
- the communication network shown in FIG. 8 can be operated in a Microsoft Exchange environment.
- an Exchange Server knows which user has sent the communication message due to the Kerberos authentication.
- the server may attach a security token in an Authentication header of the communication message indicative of the fact that this server has sent the communication message.
- Such a header may grant the trustability of the From header which may then be used for downloading data from a Profile Server.
- An exemplary application of exemplary embodiments of the invention is company internal communication, for instance within a local network.
- an email identity may be verified by a trusted registration of the mail server of the network of the company.
- a profile storage may be performed in a a Microsoft Active Directory.
- Another exemplary embodiment may relate to a global architecture.
- An email identity may be verified by the employment of DKIM (Domain Key Identified Mail, RFC 4871) or UKIM (User Key Identified Mail).
- the deposition of a profile in the web may be performed via a social network.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Entrepreneurship & Innovation (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- Data Mining & Analysis (AREA)
- Economics (AREA)
- Computer Hardware Design (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A method of coordinating communication between a sender entity sending a communication message and a recipient entity receiving the communication message over a communication network, wherein the method comprises registering the sender entity based on registration data indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity, determining a reputation of the sender entity based on the identity, and transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message, the transmitting being triggered in response to a request of the recipient entity including the identity.
Description
- The invention relates to a coordination entity.
- Moreover, the invention relates to a sender entity.
- The invention furthermore relates to a recipient entity.
- The invention further relates to a communication system.
- Moreover, the invention relates to a communication method.
- Beyond this, the invention relates to a program element.
- The invention further relates to a computer-readable medium.
- Internet-based communication systems involve the exchange of electronic communication messages between different users operating different computers.
- U.S. Pat. No. 7,457,955 discloses a trusted branded email method and an apparatus which detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic message is branded by embedding branding assets and cryptographic signatures. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are authentic.
- Communication over a communication network may still lack security and trustability.
- It is an object of the invention to enable a communication system to be operable with reasonable security and trustability.
- In order to achieve the object defined above, a coordination entity, a sender entity, a recipient entity, a communication system, a communication method, a program element, and a computer-readable medium according to the independent claims are provided.
- According to an exemplary embodiment of the invention, a coordination entity (for instance a coordination server computer) for coordinating communication between a sender entity (for instance a sender computer and/or a communication message server (such as an email server) communicatively coupled to a sender computer) sending a communication message and a recipient entity (for instance a recipient computer and/or a communication message server (such as an email server) communicatively coupled to a recipient computer) receiving the communication message over a communication network is provided, the coordination entity comprising a registration receipt unit configured for receiving registration data from the sender entity indicative of an identity of the sender entity (for instance an identity of a sender computer and/or an identity of a communication message server (such as an email server) communicatively coupled to a sender computer) and comprising assigned user profile data of the sender entity, a determining unit configured for determining a reputation of the sender entity (particularly by querying a reputation database) based on the identity, and a user data transmission unit configured for transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message, the transmitting being triggered in response to a request of the recipient entity including the identity.
- According to another exemplary embodiment of the invention, a sender entity for sending a communication message to a recipient entity over a communication network is provided, the sender entity (particularly a previous behaviour of the sender entity) being characterized in the communication network by a reputation (particularly stored in a reputation database and assigned to the sender entity via the identity), the sender entity comprising a registration trigger unit configured for triggering a registration of the sender entity by sending registration data indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity to a coordination entity to enable the coordination entity for determining the reputation of the sender entity (particularly by querying the reputation database) based on the identity and for transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message, and a message sending unit for sending the communication message including the identity to the recipient entity.
- According to still another exemplary embodiment of the invention, a recipient entity for receiving a communication message from a sender entity over a communication network is provided, the recipient entity comprising a message receiver unit configured for receiving the communication message from the sender entity including an identity of the sender entity, a request unit configured for sending a request for user profile data and a reputation of the sender entity to a coordination entity, the request including the identity of the sender entity, a user data receiver unit configured for receiving the user profile data and the reputation of the sender entity from the coordination entity in response to the request to the coordination entity, and a display unit configured for displaying the user profile data and the reputation together with the communication message.
- According to yet another exemplary embodiment of the invention, a communication system for communicating over a communication network is provided, the communication system comprising a sender entity having the above mentioned features for sending a communication message to a recipient entity over the communication network, the recipient entity having the above mentioned features for receiving the communication message from the sender entity over the communication network, and a coordination entity having the above mentioned features and coordinating communication between the sender entity and the recipient entity over the communication network.
- The various units in the above mentioned embodiments may be processors or may form part of a processor. Furthermore, the various units in the above mentioned embodiments may comprise storage resources or may have access to storage resources.
- According to still another exemplary embodiment of the invention, a method of coordinating communication between a sender entity sending a communication message and a recipient entity receiving the communication message over a communication network is provided, wherein the method comprises registering the sender entity based on registration data indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity, determining a reputation of the sender entity (particularly by querying a reputation database) based on the identity, and transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message, the transmitting being triggered in response to a request of the recipient entity including the identity.
- According to still another exemplary embodiment of the invention, a program element (for instance a software routine, in source code or in executable code) is provided, which, when being executed by a processor (such as a microprocessor or a CPU), is adapted to control or carry out a method having the above mentioned features.
- According to yet another exemplary embodiment of the invention, a computer-readable medium (for instance a CD, a DVD, a USB stick, a floppy disk or a harddisk) is provided, in which a computer program is stored which, when being executed by a processor (such as a microprocessor or a CPU), is adapted to control or carry out a method having the above mentioned features.
- Data processing which may be performed according to embodiments of the invention can be realized by a computer program, that is by software, or by using one or more special electronic optimization circuits, that is in hardware, or in hybrid form, that is by means of software components and hardware components.
- In the context of this application, the term “user profile data” may particularly denote displayable information giving an observer of the displayed data an impression regarding the identity and at least one property of the user. Hence, the profile data may render the user a round character for the observer. Such user profile data may include text and/or multimedia components describing the user. The user profile data may be related to the person operating the sender entity and may thus be in connection with a real person. However, it is also possible that the profile maps an abstract identity, for instance relates to a support department of a company to which the sender entity or the person operating the sender entity belongs.
- The term “reputation” or “reputation data” may particularly denote data or an information indicative of a probability whether a sender of a communication message can be considered as a trusted communication party or has to be considered as a (for instance potentially or definitely) untrusted communication party (for instance if there is a reasoned assumption that such a communication party might send or have sent spam messages, undesired advertisement, phishing messages, a computer virus, a trojan, etc.). The assignment of a reputation to a user may be performed based on an evaluation of the user's past behaviour as documented by a corresponding voting regarding this user by other users of a communication network. For instance, reputation data of a user may be in the form of a conduct value estimated based on user opinions and/or user experiences and/or programmatic evaluation of communication and/or message patterns. A reputation may also be determined or at least influenced by the affiliation or membership of a user to a social network. For instance, when a user is included in a list of trusted communication parties of a social network stored in a database of the coordination entity and/or of the recipient entity, this may be considered as a positive reputation. Different reputation items or aspects may be combined for deriving overall reputation data. For instance, an average of different positive and negative reputation items may be estimated to compute the reputation data. Hence, the resulting reputation can not only be a “digital” value (i.e. good reputation “yes” or “no”), but can include more than two values (for instance “trusted”, “untrusted” and “trust level not decidable”) or can also include a numerical value within a range (for instance a percentage between 0 and 100%, a mark between 1 and 6, points between −1000 and 1000, etc.).
- The term “identity” of the sender entity may particularly denote data related to the sender entity. In an embodiment, the identity may be a specific or concrete identity (such as a name) directly representing a person operating the sender entity. However, the term “identity” may also denote an abstract identity (such as an email address, an IP address, a relation to a company or to a support department of a company, etc.) being assigned indirectly to the sender entity. The identity of the sender entity may denote information which is uniquely or unambiguously correlated to the sender entity. However, the sender entity or a natural person operating the sender entity may have one or multiple identities, for instance may have one or multiple email addresses. The identity of the sender unit may be authenticated and may be a trusted identity.
- According to an exemplary embodiment, a safe communication architecture may be provided in which a recipient of a communication message can easily and intuitively evaluate a risk whether the communication message is spam or not, based on a combination of two items of information: On the On the one hand, the recipient may download reputation information indicative of a reliability of the sender during communication over the communication network in the past. Such information may be taken from a reputation database in which identities of participants of the communication network can be ranked with a certain reputation, for instance reflecting the experience of other users of the network with the sender in the past. However, this criteria when taken alone may be not sufficiently accurate, and the reliability of such a reputation based spamming filter may be further refined by combining corresponding reputation information on a display with personalized profile data which can be also displayed to the recipient. The recipient may download both reputation data and user profile data from one or more communicatively coupled entities. Therefore, such reputation and user profile data do not have to be permanently stored locally by the recipient. Any update or change of such data only has to be managed centrally by the coordination entity, and not in a distributed way at each node of a network. The user profile data (for instance a photo of the sender) may be provided by the sender to the coordination entity together with her or his identity upon registration in the communication system. Hence, the combination of the display of a reputation of a user and the display of user profile data may give a recipient user a fast, easy, reliable and intuitive impression of the trustability of a communication message.
- In the following, further embodiments of the coordination entity will be explained. However, these embodiments also apply to the sender entity, to the recipient entity, to the communication system, to the method, to the program element and to the computer-readable medium.
- The determining unit may be configured for determining the reputation of the sender entity by querying a reputation database based on the identity. In other words, the identity of the sender entity (provided during registration) may be used as a search criteria for retrieving user reputation data from a database such as a mass storage device.
- The reputation database (which may have storage capabilities and may be realized as a mass storage device, for example) may store reputations for multiple entities (such as a large number of communication parties in the network), the reputations being provided by users of the communication network based on a previous experience with a corresponding one of the entities. For instance, each of the users may be enabled to provide a ranking for other users of the communication network regarding the exchange of communication messages with this user in the past. In case of bad experiences, for instance when a spamming mail was received from a sender, this may result in a bad ranking. In case of good experiences, a good ranking may be the consequence, for instance since a user provides a list of reliable users to such a database. The reputation database may be part of the coordination entity, or may be a separate storage device to which the coordination entity may have access. The reputation of a user may change over time, for instance since a behaviour of the user has changed. Thus, the reputation may be permanently updated.
- Additionally or alternatively, the reputation database may store reputation data for multiple communication entities, the reputations being provided in accordance with a membership of a corresponding one of the communication entities to a social network. Hence, the fact that a user belongs to or is a member of a trusted (or untrusted) community may have an influence on the classification of such a user to have a good reputation (or a bad reputation).
- The reputation database may store reputations for multiple communication entities, the reputations being determined (particularly calculated in accordance with a predefined algorithm) based on user and/or automatically evaluated feedback provided by users via the communication network and representing an experience of users with respective ones of the multiple communication entities. The term automatically evaluated feedback may denote that automatic feedback can also have an impact on the reputation (e.g. from spamtraps). For example, users of the communication network may (qualitatively or quantitatively) evaluate individual communication entities or persons operating such communication entities in the light of their previous behaviour in the communication network. In an embodiment, a user may provide the information that an individual communication entity is a trusted entity (in view of a positive experience of the voting user with this communication entity). It is also possible that a user having previously provided a positive evaluation of a communication entity later revokes or modifies the evaluation after a new (for instance less positive or negative) experience with this communication entity. Thus, an evaluation representing a good relation to a communication entity may also be modified over time allowing for a dynamic update of the reputation data. In another embodiment, a user may provide the information that an individual communication entity is an untrusted entity (in view of a negative experience of the voting user with this communication entity). In a further embodiment, exclusively a positive voting is possible. In a further embodiment, exclusively a negative voting is possible. In a further embodiment, both a positive voting or a negative voting is possible. Hence, users may vote, and the coordination entity may calculate reputation data from the votings in a user-specific way in accordance with a predefined calculation scheme. In a simple embodiment, such a calculation scheme may be the addition of “+1” to the reputation of a communication entity as a result of a positive voting, and the reduction of the reputation by “−1” as a result of a negative voting. However, many other calculation schemes may be applied as well.
- The coordination entity may be realized as a plurality (for instance two, three, four or more) of separate servers. Such servers may be communicatively coupled to one another to enable data exchange between the servers. They may be located remotely with respect to one another. Particularly, the plurality of separate servers may store the user profile data and/or the reputation at least partially redundantly. For instance, user profile data and/or the reputation data corresponding to a respective jurisdiction (for instance the US) may be stored on a separate server being easily accessible for communication entities located within this jurisdiction. Additionally or alternatively to the jurisdiction, the partially redundant storage may also be managed in accordance with one or more other criteria.
- In the following, further exemplary embodiments of the sender entity will be explained. However, these embodiments also apply to the coordination entity, to the recipient entity, to the communication system, to the method, to the program element and to the computer-readable medium.
- The message sending unit may be configured for sending the communication message to the recipient entity with a signature indicative of the identity. In the context of this application, the term “signature” may relate to a data section (such as a textual portion) of an email or another communication message indicative of a sender of this communication message. Such a (for instance digital) signature may be obtained by applying a cryptographic procedure wherein, by using a private key (which may be secret), a number (for instance a so-called digital signature) may be calculated. The creatorship and the affiliation of the digital signature to the communication message can be checked by any other communication party by applying a public key (which may be publically available and not secret) to the signature. When a recipient entity receives the message with a message body and the signature, the analysis of the signature may be the first check of the reliability of the message. According to an exemplary embodiment, the unsuccessful analysis of the signature may be sufficient to reject the communication message. Only upon verifying the correctness of the signature, the communication message may be further processed and displayed together with reputation data and user profile data. This may allow to further increase reliability of the system. In an embodiment, the signature can be used to confirm the authenticity of a transmitted identity.
- In the following, further exemplary embodiments of the recipient entity will be explained. However, these embodiments also apply to the coordination entity, to the sender entity, to the communication system, to the method, to the program element and to computer-readable medium.
- The recipient entity may further comprise a signature evaluation unit configured for evaluating a signature of the communication message, the signature being indicative of the identity. Thus, when the recipient entity has received a signed communication message, the signature may be checked by the recipient entity to verify the correct identity of the sender entity.
- The signature evaluation unit may further be configured for classifying the communication message as invalid in case that the evaluation of the signature fails. Thus, a wrong signature alone may be sufficient for refusal of the communication message so that the consequence can be that this communication message is transferred to a spam folder.
- Alternatively, it is also possible that when the verification of the signature fails, the recipient entity displays the communication message in an inbox folder, however without profile data and without reputation data.
- Still referring to the previously described embodiment, the signature evaluation unit may be configured for inhibiting the receiving of the user profile data and of the reputation of the sender entity in case that the evaluation of the signature fails. Therefore, when the signature is not verified, it is no longer necessary that traffic is generated over a communication network for receiving user profile data and reputation by contacting a coordination server. This allows for an efficient use of processing and storage resources of the communication system.
- The display unit may be configured for graphically displaying the reputation. For instance, the display unit may be a monitor or the like (for instance a liquid crystal display, a cathode ray tube, a plasma display device or the like). In an example in which the communication message is an email, when a user of the recipient entity checks her or his emails in an email client, a click on an email may open a computer window which shows a graphical indication of the reputation. This may be a numeric value, for instance a percentage, being quantitatively indicative of the reliability of the user of the sender entity. It is also possible to display the reputation as a bar plot since this is a very intuitive way of reporting to the user at a glance whether the communication message is reliable or not. For instance, a very short bar may indicate a low degree of reliability, a very long bar may indicate a high degree of reliability. The reputation may also be displayed using a color code wherein the color may be indicative of the reputation. For example, a green button may indicate trustability of the user of the sender entity, a red button may indicate untrustability of the user of the sender entity, and a yellow button may indicate that trustability of the user of the sender entity is difficult or impossible to be decided. Hence, red, green and yellow may have a similar (and therefore intuitive) meaning as the colors of a traffic light.
- The display unit may be configured for simultaneously displaying the user profile data and the reputation together with the communication message. In other words, user profile data, reputation and communication message may be displayed on the same computer window. Such a window may be considered as a two dimensional object arranged on a desktop. For instance, in one and the same window of a window-based browser, the message, the reputation and the user profile may be displayed at the same time so that it is very convenient for a user to see the message content, information regarding the person having sent the message and an evaluation of the trustability of this person.
- The recipient entity may comprise a classification unit configured for classifying the communication message based on the reputation. Multiple classes of communication messages may be defined, wherein each class may for instance be assigned to an email folder in which the email message may be shifted if it belongs to the respective class. For instance, the downloaded reputation data may be analyzed regarding one or more predefined criteria for a decision of the recipient entity to which class the message should be classified (for instance whether a communication message should be treated as a regular email or should be shifted to a spam folder). Thus, the classification may be used as a filter criteria regarding spam. This spam filter criteria may be the only one or may be combined with one or more further filter criteria, for instance a text based filter criteria. Text or content filtering techniques may check on typical spam words, URLs that lead to known spam websites, invalid email formats or known fingerprints of spam mail bodies. In an embodiment, this content filtering technique may be combined with a delivery source filtering method checking for invalid sending IPs, for instance using a reputation of a user from a reputation database for evaluating the risk of a spam mail.
- In an embodiment, a “black-white-listing” may be implemented for a user. In a scenario in which an email is received from an unknown identity, this email may be displayed in a specific representation mode, for instance in grey color. Only upon specific request, the recipient can receive the profile and reputation data and can trust these data. Only subsequently, the profile data may then be displayed as described above, for instance with a traffic light code. Such a black-white listing may provide a social network component providing for a link between different users.
- In the following, further exemplary embodiments of the method will be explained. However, these embodiments also apply to the coordination entity, to the sender entity, to the recipient entity, to the communication system, to the program element and to the computer-readable medium.
- In an embodiment, the identity of the sender unit may be an authenticated identity. This embodiment relies on the highly advantageous combination of the verification of an authenticated sender identity with the provision of reputation data and user profile data. This may render the communication system more secure and may make forgery of the identity and of the assigned user profile data more difficult or even impossible. When the profiles are based on an authenticated identity of the sender entity, it can be made very difficult or almost impossible that an unauthorized party of the communication network provides profile data related to another person party and therefore mimics another entity's identity. Consequently, it may be ensured that profile data provided by the system according to the described embodiment in fact relate to the sender entity. For instance, this can be ensured by a signature which may be added to the sent communication message. For instance during the communication between the sender entity and the recipient entity, the transmission of a signature together with the communication message may allow the recipient unit to confirm that the signature is correct and that hence the sender can be considered as an authorized sender. This verification can then also ensure that during the communication of the recipient entity with the coordination entity, profile data related to an authenticated user is downloaded. Such profile data may for instance be transmitted from the coordination entity to the recipient entity in an encrypted manner (for instance SSL encrypted) and/or using the signature. Since the verification of a signature may require a key (for instance a public key or any other code), the authenticated identity of the sender entity may be verified. With such an architecture, it may be prevented that an unauthorized party provides profile data of another communication party, for instance by using another one's email address.
- In an embodiment, the communication message may be an email. An email or electronic mail may be denoted as an item of worldwide electronic communication in which a computer user can compose a message at one terminal that can be regenerated at the recipient's terminal when the recipient logs in. However, also other kinds of electronic communication messages may be handled according to exemplary embodiments, such as SMS (Short Message Service) messages, MMS (Multimedia Messaging Service) messages, etc. In another embodiment, it is also possible that a user profile in combination with reputation data are displayed on a display of a phone such as a mobile phone in case of an incoming call. Based on these data items (which may, in an embodiment, be retrieved from a remote server and not stored locally on the mobile phone), a user of the phone may then decide whether the phone call is answered or not. In case of a low reputation (for instance indicating that the caller is an untrusted party) of the caller, the user will receive this information before answering the call. In such an embodiment, the user profile data and the reputation may be displayed in combination with a telephone number or an assigned identity (such as a name) of the caller. The phone may download both the user profile and the reputation from the coordination entity upon receipt of the incoming call.
- In an embodiment, the communication may be in accordance with a Domain Key Identified Mail (DKIM) architecture. In DKIM, a public key may be deposited in a DNS (domain name system) server. The DNS server may be a different one or the same server as the coordinating server providing the user profile data and the reputation data to the recipient entity. A recipient entity desiring to validate a signature of a received communication message may then contact the DNS server to obtain the public key for validation of the signature. With successful validation of the DKIM signature a authenticated identity can be derived from the DKIM user and domain parts. This DKIM identity can be directly used by the coordinating entity.
- In Domain Key Identified Mail communication (DKIM communication), a DKIM reputation database may be used in which identities of spammers are collected that are sending DKIM valid mails (to spam traps). These reputation data may be provided as a DNS blacklist which is accessible to anybody and can be used as a spam filter criteria. Such an embodiment may implement a DKIM signature check which will check a DKIM signature on message delivery and may notify a user when a signature is invalid. A DKIM notification service may send an email to a user when a mail domain is listed in the blacklist. With a DKIM reputation query, a user can check an own DKIM reputation. This can be done by entering an email address and a domain name of a signing party. DKIM is included in the industrial standard RFC 4871. In order to reduce the risk of spam and phishing emails reducing the trustability of email communication, emails may be automatically signed with a signature based on the DKIM standard. Hence, in a DKIM system, verified spam mails may be collected, and their senders may be added to a reputation database that can be used in spam mail filtering. A bad score may be given to DKIM spammers, and a slightly good score to other, good DKIM senders.
- As an alternative to DKIM, a validation of a signed communication message (sent from the sender entity to the recipient entity) by the recipient unit may be performed based on a public key which is included as part of the transmitted communication message in the form of a verifiable certificate of a public key infrastructure (PKI). Hence, it may be dispensable to download such a public key from a dedicated server in such an embodiment, and the identity can be authenticated.
- In another embodiment, a communication may be performed in accordance with Kerberos. Kerberos may be denoted as a computer network authentication protocol which may allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Such a technology may be particularly applied to a client server system and provides mutual authentication. Both the user and the server may verify each others identity. Kerberos may implement symmetric key cryptography and may require a trusted third party. A Kerberos architecture may be particularly appropriate in an intranet.
- The user profile data may comprise image data showing the user operating the sender entity, image data including a photo of the user operating the sender entity, image data including a logo assigned to the user (or a company or association to which the user belongs), text data having a relation to the user, audio data having a relation to the user, audiovisual data having a relation to the user, multimedia data having a relation to the user, a link to a node of a communication network (for instance a link to a homepage of the user) and/or contact information for contacting the user. More generally, a generally, a user profile may be denoted as the collection of personal data associated to a specific user. The profile may refer therefore to the electronic representation of a person's identity or may be an abstract profile which is only indirectly linked to a person (for instance a profile of a company to which a person belongs). Such profile data may be supplied in combination with the identity of the user by the user upon registering at the coordination entity.
- When the recipient entity queries the coordination entity after receipt of a message to derive reputation data, also profile data may be sent from the coordination entity to the recipient entity. The reputation data may be indicative of a rating of a behavior of a user of the sender entity regarding a previous communication over the communication network. Thus, a voting may be contributed for each user of a communication network so that the total opinion of the users regarding a specific participant may be reflected in the reputation database.
- The reputation data may be indicative of a probability that the communication message of a user of the sender entity is a spam message. Therefore, the reputation data may be used as a spam filtering criteria as well.
- The communication network may be the public Internet. In the public Internet it is very important that spam mails are suppressed because here it is very difficult to control spamming activities. However, it is also possible that the system is implemented on an intranet, for instance a network operated by an institution or a company. Here, a central server may be used as a trusted entity which manages the user profiles as well as the reputation.
- The sender entity and/or the recipient entity may comprise an email client or may be communicatively coupled to an email server providing an email client. Such an email client may be a browser via which a user may monitor her or his emails regularly. During such a monitoring, a user has only few time to decide whether an email is read in detail or is refused as spam. The intuitive combination of user profile data and reputation may be a considerable simplification for a user allowing to decide in a very short time whether an email is considered as a spam or not.
- In an embodiment, DKIM verification may be used as a spam filter criteria. Particularly, a DKIM signed email may be used as a basis for an identity based filtering. In other words, this may allow evaluating whether an email originates from an untrusted user or not. The identity may be included in the email, for instance in an email header verifiable by a checksum or the like. If the checksum is okay, the email message may be basically accepted and can be displayed in an inbox folder of an email client. However, a more detailed analysis of the reliability of such an email may be performed by considering as well the reputation of the user provided by the reputation database and user profile data displayed simultaneously. In other words, the identity may be linked to profile data for the sake of spam filtering. Thus, components from a social network (certified sender) may be used. For this purpose, a database may be accessed which includes spam relevant information as well as user profile data.
- Exemplary embodiments of the invention are based on an identification system such as the Domain Key Identified Mail (DKIM) which allows the identification of systems via which an email has been transferred over a global mail network. In this context, asymmetric cryptographic methods may be applied. Such an identification system may be combined with a reputation database. Using DKIM, it is possible to assign reputations to DKIM identities, for instance to rank spammers with a low reputation in order to reduce a probability that a corresponding email is not classified as a spam email.
- The aspects defined above and further aspects of the invention are apparent from the examples of embodiment to be described hereinafter and are explained with reference to these examples of embodiment.
- The invention will be described in more detail hereinafter with reference to examples of embodiment but to which the invention is not limited.
-
FIG. 1 illustrates a communication system according to an exemplary embodiment of the invention. -
FIG. 2 illustrates a display of an email client such as Mozilla Thunderbird in which an email is displayed as a combination of a message text, profile data of a user as well as a user reputation. -
FIG. 3 schematically illustrates communication between a sender entity, a recipient entity and a coordination entity in a communication system based on DKIM according to an exemplary embodiment. -
FIG. 4 illustrates a system architecture of a communication network according to an exemplary embodiment. -
FIG. 5 is a more detailed view of the communication architecture ofFIG. 4 . -
FIG. 6 illustrates a DKIM communication network according to an exemplary embodiment of the invention. -
FIG. 7 illustrates a communication system according to an exemplary embodiment of the invention in which a public key for validating a signature of an email is included in the email. -
FIG. 8 illustrates a Kerberos communication system according to an exemplary embodiment of the invention. - The illustration in the drawing is schematically. In different drawings, similar or identical elements are provided with the same reference signs.
- In the following, referring to
FIG. 1 , acommunication network 100 according to an exemplary embodiment of the invention will be explained. - The
communication network 100 comprises a sender entity 102 (for instance a personal computer operated by a sender user) for sending acommunication message 104 to a recipient entity 106 (for instance a further personal computer operated by a recipient user). Thecommunication network 100 furthermore comprises therecipient entity 106 receiving thecommunication message 104 from thesender entity 102 over thecommunication network 100. Moreover, aserver 108 acting as a coordination entity is provided for coordinating communication between thesender entity 102 and therecipient entity 106 over thecommunication network 100. - When the
sender entity 102 sends thecommunication message 104 to therecipient entity 106, a message transfer server such as an email server (not shown inFIG. 1 ) of thesender entity 102 and a message transfer server such as an email server (not shown inFIG. 1 ) of therecipient entity 106 as well as further message transfer servers (for instance intermediate email servers) may be provided as well in the communication path between thesender entity 102 and therecipient entity 106. Such message transfer servers may be separate entities in addition toentities entities - Previous experiences of users of the
communication network 100 with thesender entity 102 are characterized by areputation value 144 which is stored in areputation database 110 such as a mass storage device. Thereputation 144 of thesender entity 102 is indicative of the reliability and the trustability of thesender entity 102 in previous communication procedures. Anythird party 112 having communicated with thesender entity 102 in the past, i.e. having exchanged communication messages with thesender entity 102, may provide a ranking of thesender entity 102 regarding the trustability of thissender entity 102. If thesender entity 102 has sent spam messages in the past to thethird party 112, thethird party 112 may evaluate thereputation 144 of thesender entity 102 in a negative way. In contrast to this, if the previous communication between thethird party 112 and thesender entity 102 has been successful and reliable in the past, thethird party 112 may evaluate thesender entity 102 in a positive manner by providing respective reputation reports to thereputation database 110. Thereputation database 110stores reputation data 144 also for a plurality of other users of thecommunication network 100. - The
sender entity 102 comprises aregistration trigger unit 114 configured for triggering a registration of thesender entity 102 at theserver 108 by sending registration data indicative of anidentity 138 of thesender identity 102 and sendinguser profile data 140 of thesender entity 102 to theserver 108. In other words, an identity 138 (or data allowing to derive an identity 138) of thesender entity 102 is supplied to theserver 108 in connection withuser profile data 140, for instance a photo of a person operating thesender entity 102. - Moreover, the
sender entity 102 may comprise amessage sending unit 116 for sending thecommunication message 104 including theidentity 138 of thesender entity 102 and including asignature 142 to therecipient entity 106. Theidentity 138 may be the domain or the email address or the URL or the IP address or a sender specific ID of thesender entity 102. Thesignature 142 may be a DKIM signature allowing therecipient entity 106 to decide whether thecommunication message 104 is a DKIM valid message, by analyzing thesignature 142. Additionally or alternatively, other signatures may be implemented as well. - As can further be taken from
FIG. 1 , theserver 108 comprises aregistration receipt unit 118 configured for receiving the registration data from thesender entity 102 indicative of theidentity 138 of thesender entity 102 and comprising the assigneduser profile data 140 of thesender entity 102. - The
server 108 may comprise or may communicate with auser profile database 120 such as a mass storage device for storing theuser profile data 140 supplied from theregistration trigger unit 114 of thesender entity 102 to theserver 108. In the embodiment ofFIG. 1 , theuser profile database 120 and thereputation database 110 are shown as separate databases, but may also be realized as one common database or one common mass storage device. - In addition to the
registration receipt unit 118, theserver 108 further comprises a determiningunit 122 for determining or retrieving thereputation 144 of thesender entity 102 by querying thereputation database 110 based on theidentity 144 serving as a search criteria for querying thereputation database 110. In other words, when theidentity 138 is used as a search criteria for querying thereputation database 110, thecorresponding reputation 144 assigned to thisidentity 138 may be returned to theserver 108. - The
recipient entity 106 comprises amessage receiver unit 124 for receiving thecommunication message 104 from thesender entity 102 including theidentity 138 of thesender entity 102 and including the (optional)signature 142. - A signature evaluation unit 126 (optional and only present when the embodiment of
FIG. 1 is operated with a signature architecture) may then verify thesignature 142 of thecommunication message 104. For this purpose, thesignature evaluation unit 126 may bidirectionally communicate with a DNS (Domain Name System)server 180. If thesignature evaluation unit 126 identifies thecommunication message 104 to be invalid due to awrong signature 142, thecommunication message 104 may be directed into a spam folder or may be classified as spam. In other words, acorrect signature 142 may be the qualification for thecommunication message 104 to be further evaluated or considered as a valid email. - If the
communication message 104 has passed successfully the signature evaluation, arequest unit 128 is activated which is configured for requesting transmission, from theserver 108, of theuser profile data 140 and thereputation data 144 assigned to thesender entity 102. Thecorresponding request 130 is received by a userdata transmission unit 132 of theserver 108 which is configured for transmitting theuser profile data 140 after having queried the user profile database 120 (using theidentity 138 as a search criteria) and the reputation data 144 (using theidentity 138 as a search criteria) after having queried thereputation database 122. Thus, in reply to therequest 130, aresponse 134 is sent from the userdata transmission unit 132 to the userdata receiver unit 128. - Subsequently, a
display unit 136 of therecipient unit 106, for instance a liquid crystal display unit or a cathode ray tube, displays theuser profile data 140 and thereputation 144 together with thecommunication message 104. Thus, themessage 104 may be presented to a human user visually in combination with a profile of the user, i.e. a profile of thesender 102 so as to allow a social networking with an email. In addition to this, also thereputation 144 of thesender entity 102 is displayed at the same time. This may overcome the conventional problem of a poor trustability of message-based communication in view of activities such as address spoofing or phishing. It is possible that thesender entity 102 is visualized by theuser profile data 140. Furthermore, spam and commercial mails may be removed by filtering since the IP address of the sender entity 102 (and the additional information derived therefrom) may be used as a trust anchor. Thus, theemail 104 may be personalized by visually displaying a user profile 140 (for instance images, multimedia, contact information or the like) when monitoring anemail 104. In addition, thereputation 144 of thesender 102 is assigned to theuser identity 138. Exemplary embodiments may allow to constitute a social network of email contacts by managing confidential relationships. Hence, the described embodiment allows social networking with emails. -
FIG. 2 illustrates ascreenshot 200 of an email client such as Mozilla Thunderbird. -
FIG. 2 illustrates thecommunication message 104, i.e. a text content thereof, in combination with a photo 140 (optionally also with a logo such as a corporate symbol 210) as an example for user profile data. In addition to this, abar plot 144 is shown being indicative of a reputation value of the sender, i.e. of the person shown in thephoto 140. - Additionally or alternatively to the
bar plot 144, it is also possible that any other qualitative or quantitative measure for the reputation is displayed. For instance, a traffic light image (or a traffic light like image) may be displayed in which a red, yellow or green spot is displayed to indicate that the reputation of the user is trusted (for instance green), untrusted (for instance red) or undecidable (for instance yellow). - The simultaneous display of the content of the
communication message 104 with theuser profile 140 and thereputation 144 allows a user to easily decide intuitively whether thesender 102 is reliable or not. - In an alternative embodiment, the
reputation 144 and theuser profile 140 are not only indicated in awindow 220 showing theentire email data 104, but also in anoverview window 230 showing a list of various available emails. - In order to implement the
reputation 144 anduser profile 140 display feature in an email client such as Mozilla Thunderbird or the like, it is possible to add a plug-in which provides this additional service. It is also possible that the corresponding software is directly implemented in the source code of the email client for providing thereputation 144 anduser profile 140 display feature. -
FIG. 3 schematically illustrates a DKIM procedure. - A user may operate a terminal 300 communicating with a
corresponding mail server 302.Entities sender entity 102 inFIG. 1 . A corresponding DKIM signedemail 104 may then be sent to amail server 304 of a recipient communicating via auser terminal 306.Entities recipient entity 106 as shown inFIG. 1 .Reputation database 110 may be queried by therecipient entity 106 to derive further information regarding thereputation 144 of thesender entity 102. -
FIG. 4 illustrates acommunication system 400 according to another exemplary embodiment. - A computer may be equipped with a profile plug-in 402 to form the
sender entity 102 communicating with theprofile server 108 and therecipient 106 which may also be a computer equipped with a profile plug-in 404. - Moreover, a
profile cache 406 may be provided.Profile cache 406 may include a copy of data (such asreputation data 144 and/or user profile data 140) which data is also stored in theprofile server 108. For instance, allreputation data 144 anduser profile data 140 may be centrally stored at theprofile server 108, whereasprofile cache 406 only includes a subset of thereputation data 144 and/oruser profile data 140. Such an architecture may render the system appropriate also for very large numbers of users. For example,profile server 108 may be located in Germany andprofile cache 406 may be located in the US. For users in the US,profile cache 406 may be more easily or faster accessible as compared toprofile server 108 so that data relevant for US users may be copied intoprofile cache 406. - As illustrated with
reference numeral 408, the profile plug-in 402 may communicate withprofile server 108 for a first time registration, for instance also including profile updates, registering of present email identities (user name and password, authentication at the profile server 108). In response to themessage 408, a profile ID may be supplied from theprofile server 108 to the profile plug-in 402 by acommunication message 410, if necessary in connection with further data such as key pairs. -
Email 104 may be transmitted from thesender entity 102 to therecipient entity 106. If necessary, email headers may be inserted before the transmission of theemail 104 for aqualified signature 142 or an additional identification on therecipient 106 side. - On the
recipient side 106, user-basedidentities 138 may be recognized in theemail 104, if necessary a profile ID may be assigned. - In the communication between the profile plug-in 404 and the
profile cache 406, the profile ID may be resolved and the profile data may be transmitted. The profile data may include texts, URLs, multimedia files, etc. -
FIG. 5 is a more detailed illustration of acommunication system 400 shown inFIG. 4 . Theserver 108 comprises theprofile database 120 for providinguser profile data 140, anexternal database 110 for providingreputation data 144 and aprofile generator 500 which may have processing resources. - The
profile generator 500 may be configured for composingprofile data 140 such as images, URLs, multimedia data, andindividual reputations 144. -
FIG. 5 illustrates that one or more external data sources may be added to the communication architecture according to an exemplary embodiment. - In a
communication system 600 shown inFIG. 6 , the system is adapted for a DKIM communication. In this context, the transmission of theemail 104 may include the insertion of a DKIM signature by a direct provider (first party signature). Within therecipient 106/the profile plug-in 404, a DKIM validation and, if necessary, a calculation of the DKIM identity (from a DKIM-header comprising e.g. the i-parameter) may be performed. The profile plug-in 404 and theprofile cache 406 may communicate to resolve the profile ID and to trigger transmission of the profile data. In thecommunication message 408, available email identities may be registered by email transmission to the profile server 108 (user name plus password, authentication at the profile server 108). -
FIG. 6 illustrates thatentities DNS server 180. For instance,entities sender entity 102. Based on this key, the signature may be verified by therecipient entity 106. In other words, an identity of the mail server on domain level may be correlated with an identity of the sender on user level. - A
communication system 700 shown inFIG. 7 differs from thecommunication system 600 shown inFIG. 6 in thatFIG. 7 relates to a so-called User Key Identified Mail (UKIM) architecture. The transmission of theemail 104 is performed with the insertion of an email header prior to the email transmission including an UKIM signature via From, To, Timestamp, Reference, Body-Hash, Body-Length and including the certificate. At the side of therecipient entity 106/profile plug-in 404, the UKIM signature is validated. After examining the certificate via a public key infrastructure and verification of the UKIM signature the profile ID included also in the certificate may be accepted. In a communication betweenentities communication 408, a first time registration at theprofile server 108 is performed, if necessary profile updates are transmitted (user name and password, authentication at the profile server 108). In thecommunication message 410, a profile ID is assigned, a private key and a certificate with a common name is assigned, which is the profile ID. - In the embodiment of
FIG. 7 , a public key of thesender entity 102 is included in theemail 104. Hence, a signature is verifiable by therecipient 106 without the necessity of contacting a DNS server (as inFIG. 6 ). Thus, arecipient entity 106 is not dependent on whether such a DNS server supports a used communication architecture such as DKIM or not. Therefore, including a public key for signature validation directly in the email may allow to provide a more flexible system. InFIG. 7 ,recipient entity 106 may therefore validatecommunication message 104 without the need to access an external database. - A
communication system 800 shown inFIG. 8 relates to a Kerberos enabled environment. - In a
communication message 408, a user profile is created at a domain controller, if necessary profile updates are communicated.Communication message 410 relates to the assignment of a profile ID, i.e. a user name. When transmitting theemail 104, an email header is introduced by a mail server (based on a Kerberos authentication), a so called authentication header comprising a security token. At the side of therecipient entity 106/profile plug-in 404, the security token authentication header is validated by the client. Here, From-Header may be used as a profile key or identity. In the communication between the profile plug-in 404 and theprofile cache entity 406, the profile data is transmitted (based on the From-Address). - The Kerberos architecture of
FIG. 8 is particularly appropriate for an Intranet being limited to a defined number of communication nodes in contrast to the unlimited public Internet. For instance, the communication network shown inFIG. 8 can be operated in a Microsoft Exchange environment. In such a scenario, an Exchange Server knows which user has sent the communication message due to the Kerberos authentication. The server may attach a security token in an Authentication header of the communication message indicative of the fact that this server has sent the communication message. Such a header may grant the trustability of the From header which may then be used for downloading data from a Profile Server. - An exemplary application of exemplary embodiments of the invention is company internal communication, for instance within a local network. For instance, an email identity may be verified by a trusted registration of the mail server of the network of the company. A profile storage may be performed in a a Microsoft Active Directory.
- Another exemplary embodiment may relate to a global architecture. An email identity may be verified by the employment of DKIM (Domain Key Identified Mail, RFC 4871) or UKIM (User Key Identified Mail). The deposition of a profile in the web may be performed via a social network.
- It should be noted that the term “comprising” does not exclude other elements or features and the “a” or “an” does not exclude a plurality. Also elements described in association with different embodiments may be combined.
- It should also be noted that reference signs in the claims shall not be construed as limiting the scope of the claims.
Claims (24)
1. A coordination entity for coordinating communication between a sender entity sending a communication message and a recipient entity receiving the communication message over a communication network, the coordination entity comprising:
a registration receipt unit configured for receiving registration data from the sender entity indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity;
a determining unit configured for determining a reputation of the sender entity based on the identity;
a user data transmission unit configured for transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message, the transmitting being triggered in response to a request of the recipient entity including the identity.
2. The coordination entity according to claim 1 ,
wherein the determining unit is configured for determining the reputation of the sender entity by querying a reputation database based on the identity.
3. The coordination entity according to claim 2 ,
wherein the reputation database stores reputations for multiple communication entities, the reputations being provided by users of the communication network based on a previous experience with a corresponding one of the communication entities.
4. The coordination entity according to claim 2 ,
wherein the reputation database stores reputations for multiple communication entities, the reputations being determined in accordance with a link of a corresponding one of the communication entities with other users in a social network.
5. The coordination entity according to claim 2 ,
wherein the reputation database stores reputations for multiple communication entities, the reputations being determined based on user and/or automatically evaluated feedback provided by users via the communication network and representing an experience of users with respective ones of the multiple communication entities.
6. The coordination entity according to claim 1 ,
comprising a plurality of separate and communicatively coupled servers, particularly a plurality of separate and communicatively coupled servers storing the user profile data and the reputation at least partially redundantly.
7. A sender entity for sending a communication message to a recipient entity over a communication network, the sender entity being characterized in the communication network by a reputation, the sender entity comprising:
a registration trigger unit configured for triggering a registration of the sender entity by sending registration data indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity to a coordination entity to enable the coordination entity for determining the reputation of the sender entity based on the identity and for transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message;
a message sending unit for sending the communication message including the identity to the recipient entity.
8. The sender entity according to claim 7 ,
wherein the message sending unit is configured for sending the communication message to the recipient entity including a signature to verify the identity.
9. A recipient entity for receiving a communication message from a sender entity over a communication network, the recipient entity comprising:
a message receiver unit configured for receiving the communication message from the sender entity including an identity of the sender entity;
a request unit configured for sending a request for user profile data and a reputation of the sender entity to a coordination entity, the request including the identity of the sender entity;
a user data receiver unit configured for receiving the user profile data and the reputation of the sender entity in response to the request from the coordination entity;
a display unit configured for displaying the user profile data and the reputation together with the communication message.
10. The recipient entity according to claim 9 ,
comprising a signature evaluation unit configured for evaluating a signature of the communication message, the signature verifying the identity.
11. The recipient entity according to claim 9 ,
wherein the display unit is configured for graphically displaying the reputation, particularly for graphically displaying the reputation as one of the group consisting of a bar plot, a color code, and a numeric value in case that the evaluation of the signature succeeds.
12. The recipient entity according to claim 9 ,
wherein the display unit is configured for simultaneously displaying the user profile data and the reputation together with the communication message in case that the evaluation of the signature succeeds.
13. The recipient entity according to claim 9 ,
comprising a classification unit configured for classifying the communication message based on the reputation.
14. A communication system for communicating over a communication network, the communication system comprising:
a sender entity of claim 7 for sending a communication message to a recipient entity over the communication network;
the recipient entity of claim 9 for receiving the communication message from the sender entity over the communication network;
a coordination entity of claim 1 coordinating communication between the sender entity and the recipient entity over the communication network.
15. A method of coordinating communication between a sender entity sending a communication message and a recipient entity receiving the communication message over a communication network, the method comprising:
registering the sender entity based on registration data indicative of an identity of the sender entity and comprising assigned user profile data of the sender entity;
determining a reputation of the sender entity based on the identity;
transmitting the user profile data and the reputation to the recipient entity for display of the user profile data and the reputation together with the communication message, the transmitting being triggered in response to a request of the recipient entity including the identity.
16. The method of claim 15 ,
wherein the identity of the sender unit is an authenticated identity.
17. The method of claim 15 ,
wherein the communication message comprises one of the group consisting of an email, an incoming telephone call, a Short Message Service message, a Multimedia Messaging Service message, and a message initiating a messenger chat.
18. The method of claim 15 ,
wherein the user profile data comprises at least one of the group consisting of image data related to the user, image data including a photo of the user, image data including a logo related to the user, text data, audio data, video data, audiovisual data, multimedia data, a link to a node of the communication network, and contact information for contacting the user.
19. The method of claim 15 ,
wherein the reputation data is indicative of a rating of a behaviour of a user of the sender entity regarding a previous communication over the communication network.
20. The method of claim 15 ,
wherein the reputation data is indicative of a probability that the communication message sent by the sender entity is a non-trusted message, particularly is a spam message.
21. The method of claim 15 ,
wherein the communication network comprises at least one of the group consisting of the public Internet and an intranet.
22. The method of claim 15 ,
wherein at least one of the sender entity and the recipient entity comprises or is communicatively coupled to a message transfer entity, particularly to an email client.
23. A computer-readable medium, in which a computer program of coordinating communication between a sender entity sending a communication message and a recipient entity receiving the communication message over a communication network is stored, which computer program, when being executed by a processor, is adapted to carry out or control a method according to claim 15 .
24. A program element of coordinating communication between a sender entity sending a communication message and a recipient entity receiving the communication message over a communication network, which program element, when being executed by a processor, is adapted to carry out or control a method according to claim 15 .
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/483,427 US20100318614A1 (en) | 2009-06-12 | 2009-06-12 | Displaying User Profile and Reputation with a Communication Message |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/483,427 US20100318614A1 (en) | 2009-06-12 | 2009-06-12 | Displaying User Profile and Reputation with a Communication Message |
Publications (1)
Publication Number | Publication Date |
---|---|
US20100318614A1 true US20100318614A1 (en) | 2010-12-16 |
Family
ID=43307308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/483,427 Abandoned US20100318614A1 (en) | 2009-06-12 | 2009-06-12 | Displaying User Profile and Reputation with a Communication Message |
Country Status (1)
Country | Link |
---|---|
US (1) | US20100318614A1 (en) |
Cited By (61)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110004693A1 (en) * | 2009-07-02 | 2011-01-06 | Microsoft Corporation | Reputation Mashup |
US20120151578A1 (en) * | 2010-12-14 | 2012-06-14 | F-Secure Corporation | Detecting a suspicious entity in a communication network |
US20120159580A1 (en) * | 2010-11-24 | 2012-06-21 | Galwas Paul Anthony | Method of Establishing Trusted Contacts With Access Rights In a Secure Communication System |
US20120323959A1 (en) * | 2011-06-20 | 2012-12-20 | International Business Machines Corporation | Multiple electronic identity recognition |
US20130007627A1 (en) * | 2011-06-30 | 2013-01-03 | Xobni Corporation | Presenting entity profile information to a user of a computing device |
WO2013010065A2 (en) * | 2011-07-14 | 2013-01-17 | Faceon Mobile Corporation | Phone with multi-portal access for display during incoming and outgoing calls |
WO2013023966A1 (en) * | 2011-08-12 | 2013-02-21 | F-Secure Corporation | Detection of suspect wireless access points |
US20130060866A1 (en) * | 2011-09-07 | 2013-03-07 | Elwha LLC, a limited liability company of the State of Delaware | Computational systems and methods for identifying a communications partner |
WO2013173648A2 (en) * | 2012-05-16 | 2013-11-21 | Yandex Europe Ag | Method of and system for providing an image associated with a sender of an e-mail message or with contact information |
US20140052795A1 (en) * | 2012-08-20 | 2014-02-20 | Jenny Q. Ta | Social network system and method |
US20140133481A1 (en) * | 2012-11-11 | 2014-05-15 | Pingshow Inc. | Web Telephone with Integrated Voice and Data |
US8984074B2 (en) | 2009-07-08 | 2015-03-17 | Yahoo! Inc. | Sender-based ranking of person profiles and multi-person automatic suggestions |
US8990323B2 (en) | 2009-07-08 | 2015-03-24 | Yahoo! Inc. | Defining a social network model implied by communications data |
US9020938B2 (en) | 2010-02-03 | 2015-04-28 | Yahoo! Inc. | Providing profile information using servers |
US9058366B2 (en) | 2007-07-25 | 2015-06-16 | Yahoo! Inc. | Indexing and searching content behind links presented in a communication |
US9087323B2 (en) | 2009-10-14 | 2015-07-21 | Yahoo! Inc. | Systems and methods to automatically generate a signature block |
US9183520B2 (en) | 2011-09-07 | 2015-11-10 | Elwha Llc | Computational systems and methods for linking users of devices |
US20160006797A1 (en) * | 2013-02-19 | 2016-01-07 | Sony Computer Entertainment Inc. | Information processing system |
US9235815B2 (en) | 2011-06-20 | 2016-01-12 | International Business Machines Corporation | Name resolution |
US9275126B2 (en) | 2009-06-02 | 2016-03-01 | Yahoo! Inc. | Self populating address book |
US20160078124A1 (en) * | 2003-02-20 | 2016-03-17 | Dell Software Inc. | Using distinguishing properties to classify messages |
US9432190B2 (en) | 2011-09-07 | 2016-08-30 | Elwha Llc | Computational systems and methods for double-encrypting data for subsequent anonymous storage |
US9473647B2 (en) | 2011-09-07 | 2016-10-18 | Elwha Llc | Computational systems and methods for identifying a communications partner |
US9491146B2 (en) | 2011-09-07 | 2016-11-08 | Elwha Llc | Computational systems and methods for encrypting data for anonymous storage |
US9501561B2 (en) | 2010-06-02 | 2016-11-22 | Yahoo! Inc. | Personalizing an online service based on data collected for a user of a computing device |
US9584343B2 (en) | 2008-01-03 | 2017-02-28 | Yahoo! Inc. | Presentation of organized personal and public data using communication mediums |
US9667415B1 (en) | 2015-11-18 | 2017-05-30 | International Business Machines Corporation | Domain-server public-key reference |
US9685158B2 (en) | 2010-06-02 | 2017-06-20 | Yahoo! Inc. | Systems and methods to present voice message information to a user of a computing device |
US9690853B2 (en) | 2011-09-07 | 2017-06-27 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US9721228B2 (en) | 2009-07-08 | 2017-08-01 | Yahoo! Inc. | Locally hosting a social network using social data stored on a user's computer |
US9774626B1 (en) * | 2016-08-17 | 2017-09-26 | Wombat Security Technologies, Inc. | Method and system for assessing and classifying reported potentially malicious messages in a cybersecurity system |
US9781149B1 (en) | 2016-08-17 | 2017-10-03 | Wombat Security Technologies, Inc. | Method and system for reducing reporting of non-malicious electronic messages in a cybersecurity system |
US9819765B2 (en) | 2009-07-08 | 2017-11-14 | Yahoo Holdings, Inc. | Systems and methods to provide assistance during user input |
US9928485B2 (en) | 2011-09-07 | 2018-03-27 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US10027611B2 (en) | 2003-02-20 | 2018-07-17 | Sonicwall Inc. | Method and apparatus for classifying electronic messages |
US10074113B2 (en) | 2011-09-07 | 2018-09-11 | Elwha Llc | Computational systems and methods for disambiguating search terms corresponding to network members |
US10078819B2 (en) | 2011-06-21 | 2018-09-18 | Oath Inc. | Presenting favorite contacts information to a user of a computing device |
US10185814B2 (en) | 2011-09-07 | 2019-01-22 | Elwha Llc | Computational systems and methods for verifying personal information during transactions |
US10192200B2 (en) | 2012-12-04 | 2019-01-29 | Oath Inc. | Classifying a portion of user contact data into local contacts |
US10198729B2 (en) | 2011-09-07 | 2019-02-05 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US10244107B1 (en) * | 2017-10-23 | 2019-03-26 | Neustar, Inc. | Systems and methods for causing display of a reputation indicator associated with a called party |
US10417411B2 (en) * | 2010-06-11 | 2019-09-17 | D2L Corporation | Systems, methods, and apparatus for securing user documents |
US10546306B2 (en) | 2011-09-07 | 2020-01-28 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US10652388B2 (en) | 2017-10-23 | 2020-05-12 | Neustar, Inc. | Communication systems and methods for causing display of visual content on a screen associated with a calling device |
US10666695B2 (en) | 2018-07-25 | 2020-05-26 | Eduard Weinwurm | Group chat application with reputation scoring |
US10944686B2 (en) | 2013-06-03 | 2021-03-09 | Seven Networks, Llc | Blocking/unblocking algorithms for signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols |
US11075867B2 (en) | 2017-07-26 | 2021-07-27 | Yandex Europe Ag | Method and system for detection of potential spam activity during account registration |
US11431738B2 (en) | 2018-12-19 | 2022-08-30 | Abnormal Security Corporation | Multistage analysis of emails to identify security threats |
US11451576B2 (en) | 2020-03-12 | 2022-09-20 | Abnormal Security Corporation | Investigation of threats using queryable records of behavior |
US11470108B2 (en) | 2020-04-23 | 2022-10-11 | Abnormal Security Corporation | Detection and prevention of external fraud |
US11470042B2 (en) | 2020-02-21 | 2022-10-11 | Abnormal Security Corporation | Discovering email account compromise through assessments of digital activities |
US11477234B2 (en) * | 2020-02-28 | 2022-10-18 | Abnormal Security Corporation | Federated database for establishing and tracking risk of interactions with third parties |
US11483423B2 (en) | 2017-02-03 | 2022-10-25 | Sean Wilson | Method of enhancing personal contact information display on a mobile device |
US11528242B2 (en) | 2020-10-23 | 2022-12-13 | Abnormal Security Corporation | Discovering graymail through real-time analysis of incoming email |
US11552969B2 (en) | 2018-12-19 | 2023-01-10 | Abnormal Security Corporation | Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time |
US11663303B2 (en) | 2020-03-02 | 2023-05-30 | Abnormal Security Corporation | Multichannel threat detection for protecting against account compromise |
US11687648B2 (en) | 2020-12-10 | 2023-06-27 | Abnormal Security Corporation | Deriving and surfacing insights regarding security threats |
US11743294B2 (en) | 2018-12-19 | 2023-08-29 | Abnormal Security Corporation | Retrospective learning of communication patterns by machine learning models for discovering abnormal behavior |
US11831661B2 (en) | 2021-06-03 | 2023-11-28 | Abnormal Security Corporation | Multi-tiered approach to payload detection for incoming communications |
US11949713B2 (en) | 2020-03-02 | 2024-04-02 | Abnormal Security Corporation | Abuse mailbox for facilitating discovery, investigation, and analysis of email-based threats |
US11973772B2 (en) | 2022-02-22 | 2024-04-30 | Abnormal Security Corporation | Multistage analysis of emails to identify security threats |
Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070086592A1 (en) * | 2005-10-19 | 2007-04-19 | Microsoft Corporation | Determining the reputation of a sender of communications |
US20080046511A1 (en) * | 2006-08-15 | 2008-02-21 | Richard Skrenta | System and Method for Conducting an Electronic Message Forum |
US20080109491A1 (en) * | 2006-11-03 | 2008-05-08 | Sezwho Inc. | Method and system for managing reputation profile on online communities |
US20080140781A1 (en) * | 2006-12-06 | 2008-06-12 | Microsoft Corporation | Spam filtration utilizing sender activity data |
US7457955B2 (en) * | 2004-01-14 | 2008-11-25 | Brandmail Solutions, Inc. | Method and apparatus for trusted branded email |
US20090125605A1 (en) * | 2004-10-05 | 2009-05-14 | Michael Chung | Method and System for Managing Folders of Email Accounts and Voice Messages |
US20090210500A1 (en) * | 2008-02-20 | 2009-08-20 | David Clark Brillhart | System, computer program product and method of enabling internet service providers to synergistically identify and control spam e-mail |
US20100115040A1 (en) * | 2008-09-30 | 2010-05-06 | James Sargent | Systems And Methods For Creating And Updating Reputation Records |
US20100153394A1 (en) * | 2008-12-12 | 2010-06-17 | At&T Intellectual Property I, L.P. | Method and Apparatus for Reclassifying E-Mail or Modifying a Spam Filter Based on Users' Input |
US20100174795A1 (en) * | 2004-10-29 | 2010-07-08 | The Go Daddy Group, Inc. | Tracking domain name related reputation |
US20100180333A1 (en) * | 2009-01-15 | 2010-07-15 | Microsoft Corporation | Communication Abuse Prevention |
US7765265B1 (en) * | 2005-05-11 | 2010-07-27 | Aol Inc. | Identifying users sharing common characteristics |
US20100223251A1 (en) * | 2004-10-29 | 2010-09-02 | The Go Daddy Group, Inc. | Digital identity registration |
US20100318623A1 (en) * | 2006-04-05 | 2010-12-16 | Eric Bloch | Method of Controlling Access to Network Resources Using Information in Electronic Mail Messages |
US7870203B2 (en) * | 2002-03-08 | 2011-01-11 | Mcafee, Inc. | Methods and systems for exposing messaging reputation to an end user |
US20110022670A1 (en) * | 2008-07-03 | 2011-01-27 | Barracuda Networks Inc. | Facilitating transmission of email by checking email parameters with a database of well behaved senders |
US7925516B2 (en) * | 2008-03-14 | 2011-04-12 | Microsoft Corporation | Leveraging global reputation to increase personalization |
US20110145158A1 (en) * | 2008-01-08 | 2011-06-16 | FlipKey, Inc. | Digital data processing methods and systems for cultivating and providing guest feedback on rental accomodations |
-
2009
- 2009-06-12 US US12/483,427 patent/US20100318614A1/en not_active Abandoned
Patent Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7870203B2 (en) * | 2002-03-08 | 2011-01-11 | Mcafee, Inc. | Methods and systems for exposing messaging reputation to an end user |
US7457955B2 (en) * | 2004-01-14 | 2008-11-25 | Brandmail Solutions, Inc. | Method and apparatus for trusted branded email |
US20090125605A1 (en) * | 2004-10-05 | 2009-05-14 | Michael Chung | Method and System for Managing Folders of Email Accounts and Voice Messages |
US20100223251A1 (en) * | 2004-10-29 | 2010-09-02 | The Go Daddy Group, Inc. | Digital identity registration |
US20100174795A1 (en) * | 2004-10-29 | 2010-07-08 | The Go Daddy Group, Inc. | Tracking domain name related reputation |
US7765265B1 (en) * | 2005-05-11 | 2010-07-27 | Aol Inc. | Identifying users sharing common characteristics |
US20070086592A1 (en) * | 2005-10-19 | 2007-04-19 | Microsoft Corporation | Determining the reputation of a sender of communications |
US20100318623A1 (en) * | 2006-04-05 | 2010-12-16 | Eric Bloch | Method of Controlling Access to Network Resources Using Information in Electronic Mail Messages |
US20080046511A1 (en) * | 2006-08-15 | 2008-02-21 | Richard Skrenta | System and Method for Conducting an Electronic Message Forum |
US20080109491A1 (en) * | 2006-11-03 | 2008-05-08 | Sezwho Inc. | Method and system for managing reputation profile on online communities |
US20080140781A1 (en) * | 2006-12-06 | 2008-06-12 | Microsoft Corporation | Spam filtration utilizing sender activity data |
US20110145158A1 (en) * | 2008-01-08 | 2011-06-16 | FlipKey, Inc. | Digital data processing methods and systems for cultivating and providing guest feedback on rental accomodations |
US20090210500A1 (en) * | 2008-02-20 | 2009-08-20 | David Clark Brillhart | System, computer program product and method of enabling internet service providers to synergistically identify and control spam e-mail |
US7925516B2 (en) * | 2008-03-14 | 2011-04-12 | Microsoft Corporation | Leveraging global reputation to increase personalization |
US20110022670A1 (en) * | 2008-07-03 | 2011-01-27 | Barracuda Networks Inc. | Facilitating transmission of email by checking email parameters with a database of well behaved senders |
US20100115040A1 (en) * | 2008-09-30 | 2010-05-06 | James Sargent | Systems And Methods For Creating And Updating Reputation Records |
US20100153394A1 (en) * | 2008-12-12 | 2010-06-17 | At&T Intellectual Property I, L.P. | Method and Apparatus for Reclassifying E-Mail or Modifying a Spam Filter Based on Users' Input |
US20100180333A1 (en) * | 2009-01-15 | 2010-07-15 | Microsoft Corporation | Communication Abuse Prevention |
Cited By (120)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160078124A1 (en) * | 2003-02-20 | 2016-03-17 | Dell Software Inc. | Using distinguishing properties to classify messages |
US10785176B2 (en) | 2003-02-20 | 2020-09-22 | Sonicwall Inc. | Method and apparatus for classifying electronic messages |
US10042919B2 (en) | 2003-02-20 | 2018-08-07 | Sonicwall Inc. | Using distinguishing properties to classify messages |
US10027611B2 (en) | 2003-02-20 | 2018-07-17 | Sonicwall Inc. | Method and apparatus for classifying electronic messages |
US9524334B2 (en) * | 2003-02-20 | 2016-12-20 | Dell Software Inc. | Using distinguishing properties to classify messages |
US9298783B2 (en) | 2007-07-25 | 2016-03-29 | Yahoo! Inc. | Display of attachment based information within a messaging system |
US9275118B2 (en) | 2007-07-25 | 2016-03-01 | Yahoo! Inc. | Method and system for collecting and presenting historical communication data |
US9716764B2 (en) | 2007-07-25 | 2017-07-25 | Yahoo! Inc. | Display of communication system usage statistics |
US10069924B2 (en) | 2007-07-25 | 2018-09-04 | Oath Inc. | Application programming interfaces for communication systems |
US9591086B2 (en) | 2007-07-25 | 2017-03-07 | Yahoo! Inc. | Display of information in electronic communications |
US11552916B2 (en) | 2007-07-25 | 2023-01-10 | Verizon Patent And Licensing Inc. | Indexing and searching content behind links presented in a communication |
US9596308B2 (en) | 2007-07-25 | 2017-03-14 | Yahoo! Inc. | Display of person based information including person notes |
US11394679B2 (en) | 2007-07-25 | 2022-07-19 | Verizon Patent And Licensing Inc | Display of communication system usage statistics |
US10356193B2 (en) | 2007-07-25 | 2019-07-16 | Oath Inc. | Indexing and searching content behind links presented in a communication |
US9954963B2 (en) | 2007-07-25 | 2018-04-24 | Oath Inc. | Indexing and searching content behind links presented in a communication |
US10958741B2 (en) | 2007-07-25 | 2021-03-23 | Verizon Media Inc. | Method and system for collecting and presenting historical communication data |
US9699258B2 (en) | 2007-07-25 | 2017-07-04 | Yahoo! Inc. | Method and system for collecting and presenting historical communication data for a mobile device |
US10623510B2 (en) | 2007-07-25 | 2020-04-14 | Oath Inc. | Display of person based information including person notes |
US10554769B2 (en) | 2007-07-25 | 2020-02-04 | Oath Inc. | Method and system for collecting and presenting historical communication data for a mobile device |
US9058366B2 (en) | 2007-07-25 | 2015-06-16 | Yahoo! Inc. | Indexing and searching content behind links presented in a communication |
US9584343B2 (en) | 2008-01-03 | 2017-02-28 | Yahoo! Inc. | Presentation of organized personal and public data using communication mediums |
US10200321B2 (en) | 2008-01-03 | 2019-02-05 | Oath Inc. | Presentation of organized personal and public data using communication mediums |
US10963524B2 (en) | 2009-06-02 | 2021-03-30 | Verizon Media Inc. | Self populating address book |
US9275126B2 (en) | 2009-06-02 | 2016-03-01 | Yahoo! Inc. | Self populating address book |
US8943211B2 (en) * | 2009-07-02 | 2015-01-27 | Microsoft Corporation | Reputation mashup |
US20110004693A1 (en) * | 2009-07-02 | 2011-01-06 | Microsoft Corporation | Reputation Mashup |
US9800679B2 (en) | 2009-07-08 | 2017-10-24 | Yahoo Holdings, Inc. | Defining a social network model implied by communications data |
US8984074B2 (en) | 2009-07-08 | 2015-03-17 | Yahoo! Inc. | Sender-based ranking of person profiles and multi-person automatic suggestions |
US9819765B2 (en) | 2009-07-08 | 2017-11-14 | Yahoo Holdings, Inc. | Systems and methods to provide assistance during user input |
US9159057B2 (en) | 2009-07-08 | 2015-10-13 | Yahoo! Inc. | Sender-based ranking of person profiles and multi-person automatic suggestions |
US9721228B2 (en) | 2009-07-08 | 2017-08-01 | Yahoo! Inc. | Locally hosting a social network using social data stored on a user's computer |
US8990323B2 (en) | 2009-07-08 | 2015-03-24 | Yahoo! Inc. | Defining a social network model implied by communications data |
US11755995B2 (en) | 2009-07-08 | 2023-09-12 | Yahoo Assets Llc | Locally hosting a social network using social data stored on a user's computer |
US9087323B2 (en) | 2009-10-14 | 2015-07-21 | Yahoo! Inc. | Systems and methods to automatically generate a signature block |
US9842145B2 (en) | 2010-02-03 | 2017-12-12 | Yahoo Holdings, Inc. | Providing profile information using servers |
US9020938B2 (en) | 2010-02-03 | 2015-04-28 | Yahoo! Inc. | Providing profile information using servers |
US9842144B2 (en) | 2010-02-03 | 2017-12-12 | Yahoo Holdings, Inc. | Presenting suggestions for user input based on client device characteristics |
US9501561B2 (en) | 2010-06-02 | 2016-11-22 | Yahoo! Inc. | Personalizing an online service based on data collected for a user of a computing device |
US10685072B2 (en) | 2010-06-02 | 2020-06-16 | Oath Inc. | Personalizing an online service based on data collected for a user of a computing device |
US9594832B2 (en) | 2010-06-02 | 2017-03-14 | Yahoo! Inc. | Personalizing an online service based on data collected for a user of a computing device |
US9685158B2 (en) | 2010-06-02 | 2017-06-20 | Yahoo! Inc. | Systems and methods to present voice message information to a user of a computing device |
US9569529B2 (en) | 2010-06-02 | 2017-02-14 | Yahoo! Inc. | Personalizing an online service based on data collected for a user of a computing device |
US11762981B2 (en) * | 2010-06-11 | 2023-09-19 | D2L Corporation | Systems, methods, and apparatus for securing user documents |
US10417411B2 (en) * | 2010-06-11 | 2019-09-17 | D2L Corporation | Systems, methods, and apparatus for securing user documents |
US20210357495A1 (en) * | 2010-06-11 | 2021-11-18 | D2L Corporation | Systems, methods, and apparatus for securing user documents |
US10990665B2 (en) | 2010-06-11 | 2021-04-27 | D2L Corporation | Systems, methods, and apparatus for securing user documents |
US20120159580A1 (en) * | 2010-11-24 | 2012-06-21 | Galwas Paul Anthony | Method of Establishing Trusted Contacts With Access Rights In a Secure Communication System |
US20120151578A1 (en) * | 2010-12-14 | 2012-06-14 | F-Secure Corporation | Detecting a suspicious entity in a communication network |
US8959626B2 (en) * | 2010-12-14 | 2015-02-17 | F-Secure Corporation | Detecting a suspicious entity in a communication network |
US20120323959A1 (en) * | 2011-06-20 | 2012-12-20 | International Business Machines Corporation | Multiple electronic identity recognition |
US8745271B2 (en) * | 2011-06-20 | 2014-06-03 | International Business Machines Corporation | Recognizing multiple identities of sender and sending the multiple identities to recipient |
US9235815B2 (en) | 2011-06-20 | 2016-01-12 | International Business Machines Corporation | Name resolution |
US10078819B2 (en) | 2011-06-21 | 2018-09-18 | Oath Inc. | Presenting favorite contacts information to a user of a computing device |
US10714091B2 (en) | 2011-06-21 | 2020-07-14 | Oath Inc. | Systems and methods to present voice message information to a user of a computing device |
US10089986B2 (en) | 2011-06-21 | 2018-10-02 | Oath Inc. | Systems and methods to present voice message information to a user of a computing device |
US9747583B2 (en) * | 2011-06-30 | 2017-08-29 | Yahoo Holdings, Inc. | Presenting entity profile information to a user of a computing device |
US11232409B2 (en) * | 2011-06-30 | 2022-01-25 | Verizon Media Inc. | Presenting entity profile information to a user of a computing device |
US20130007627A1 (en) * | 2011-06-30 | 2013-01-03 | Xobni Corporation | Presenting entity profile information to a user of a computing device |
WO2013010065A2 (en) * | 2011-07-14 | 2013-01-17 | Faceon Mobile Corporation | Phone with multi-portal access for display during incoming and outgoing calls |
WO2013010065A3 (en) * | 2011-07-14 | 2013-03-28 | Faceon Mobile Corporation | Phone with multi-portal access for display during incoming and outgoing calls |
WO2013023966A1 (en) * | 2011-08-12 | 2013-02-21 | F-Secure Corporation | Detection of suspect wireless access points |
GB2507457B (en) * | 2011-08-12 | 2016-03-02 | F Secure Corp | Detection of suspect wireless access points |
GB2507457A (en) * | 2011-08-12 | 2014-04-30 | F Secure Corp | Detection of suspect wireless access points |
US8655312B2 (en) | 2011-08-12 | 2014-02-18 | F-Secure Corporation | Wireless access point detection |
US9473647B2 (en) | 2011-09-07 | 2016-10-18 | Elwha Llc | Computational systems and methods for identifying a communications partner |
US10523618B2 (en) * | 2011-09-07 | 2019-12-31 | Elwha Llc | Computational systems and methods for identifying a communications partner |
US20130060866A1 (en) * | 2011-09-07 | 2013-03-07 | Elwha LLC, a limited liability company of the State of Delaware | Computational systems and methods for identifying a communications partner |
US10185814B2 (en) | 2011-09-07 | 2019-01-22 | Elwha Llc | Computational systems and methods for verifying personal information during transactions |
US10074113B2 (en) | 2011-09-07 | 2018-09-11 | Elwha Llc | Computational systems and methods for disambiguating search terms corresponding to network members |
US9747561B2 (en) | 2011-09-07 | 2017-08-29 | Elwha Llc | Computational systems and methods for linking users of devices |
US10198729B2 (en) | 2011-09-07 | 2019-02-05 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US9491146B2 (en) | 2011-09-07 | 2016-11-08 | Elwha Llc | Computational systems and methods for encrypting data for anonymous storage |
US10263936B2 (en) | 2011-09-07 | 2019-04-16 | Elwha Llc | Computational systems and methods for identifying a communications partner |
US9432190B2 (en) | 2011-09-07 | 2016-08-30 | Elwha Llc | Computational systems and methods for double-encrypting data for subsequent anonymous storage |
US9928485B2 (en) | 2011-09-07 | 2018-03-27 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US9690853B2 (en) | 2011-09-07 | 2017-06-27 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US10546306B2 (en) | 2011-09-07 | 2020-01-28 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US10546295B2 (en) | 2011-09-07 | 2020-01-28 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US10079811B2 (en) | 2011-09-07 | 2018-09-18 | Elwha Llc | Computational systems and methods for encrypting data for anonymous storage |
US9183520B2 (en) | 2011-09-07 | 2015-11-10 | Elwha Llc | Computational systems and methods for linking users of devices |
US10606989B2 (en) | 2011-09-07 | 2020-03-31 | Elwha Llc | Computational systems and methods for verifying personal information during transactions |
WO2013173648A3 (en) * | 2012-05-16 | 2014-01-16 | Yandex Europe Ag | Associating an image with an e-mail message |
WO2013173648A2 (en) * | 2012-05-16 | 2013-11-21 | Yandex Europe Ag | Method of and system for providing an image associated with a sender of an e-mail message or with contact information |
US20140052795A1 (en) * | 2012-08-20 | 2014-02-20 | Jenny Q. Ta | Social network system and method |
US20140133481A1 (en) * | 2012-11-11 | 2014-05-15 | Pingshow Inc. | Web Telephone with Integrated Voice and Data |
US10192200B2 (en) | 2012-12-04 | 2019-01-29 | Oath Inc. | Classifying a portion of user contact data into local contacts |
US10554742B2 (en) * | 2013-02-19 | 2020-02-04 | Sony Interactive Entertainment Inc. | Information processing system |
US20160006797A1 (en) * | 2013-02-19 | 2016-01-07 | Sony Computer Entertainment Inc. | Information processing system |
US10944686B2 (en) | 2013-06-03 | 2021-03-09 | Seven Networks, Llc | Blocking/unblocking algorithms for signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols |
US9973337B2 (en) * | 2015-11-18 | 2018-05-15 | International Business Machines Corporation | Domain-server public-key reference |
US9667415B1 (en) | 2015-11-18 | 2017-05-30 | International Business Machines Corporation | Domain-server public-key reference |
US10027701B1 (en) | 2016-08-17 | 2018-07-17 | Wombat Security Technologies, Inc. | Method and system for reducing reporting of non-malicious electronic messages in a cybersecurity system |
US9774626B1 (en) * | 2016-08-17 | 2017-09-26 | Wombat Security Technologies, Inc. | Method and system for assessing and classifying reported potentially malicious messages in a cybersecurity system |
US9781149B1 (en) | 2016-08-17 | 2017-10-03 | Wombat Security Technologies, Inc. | Method and system for reducing reporting of non-malicious electronic messages in a cybersecurity system |
US11483423B2 (en) | 2017-02-03 | 2022-10-25 | Sean Wilson | Method of enhancing personal contact information display on a mobile device |
US11075867B2 (en) | 2017-07-26 | 2021-07-27 | Yandex Europe Ag | Method and system for detection of potential spam activity during account registration |
US10244107B1 (en) * | 2017-10-23 | 2019-03-26 | Neustar, Inc. | Systems and methods for causing display of a reputation indicator associated with a called party |
US10652388B2 (en) | 2017-10-23 | 2020-05-12 | Neustar, Inc. | Communication systems and methods for causing display of visual content on a screen associated with a calling device |
US10666695B2 (en) | 2018-07-25 | 2020-05-26 | Eduard Weinwurm | Group chat application with reputation scoring |
US11381614B2 (en) | 2018-07-25 | 2022-07-05 | Eduard Weinwurm | Group chat application with reputation scoring |
US11431738B2 (en) | 2018-12-19 | 2022-08-30 | Abnormal Security Corporation | Multistage analysis of emails to identify security threats |
US11743294B2 (en) | 2018-12-19 | 2023-08-29 | Abnormal Security Corporation | Retrospective learning of communication patterns by machine learning models for discovering abnormal behavior |
US11824870B2 (en) | 2018-12-19 | 2023-11-21 | Abnormal Security Corporation | Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time |
US11552969B2 (en) | 2018-12-19 | 2023-01-10 | Abnormal Security Corporation | Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time |
US11470042B2 (en) | 2020-02-21 | 2022-10-11 | Abnormal Security Corporation | Discovering email account compromise through assessments of digital activities |
US11483344B2 (en) * | 2020-02-28 | 2022-10-25 | Abnormal Security Corporation | Estimating risk posed by interacting with third parties through analysis of emails addressed to employees of multiple enterprises |
US11477235B2 (en) * | 2020-02-28 | 2022-10-18 | Abnormal Security Corporation | Approaches to creating, managing, and applying a federated database to establish risk posed by third parties |
US11477234B2 (en) * | 2020-02-28 | 2022-10-18 | Abnormal Security Corporation | Federated database for establishing and tracking risk of interactions with third parties |
US11949713B2 (en) | 2020-03-02 | 2024-04-02 | Abnormal Security Corporation | Abuse mailbox for facilitating discovery, investigation, and analysis of email-based threats |
US11663303B2 (en) | 2020-03-02 | 2023-05-30 | Abnormal Security Corporation | Multichannel threat detection for protecting against account compromise |
US11451576B2 (en) | 2020-03-12 | 2022-09-20 | Abnormal Security Corporation | Investigation of threats using queryable records of behavior |
US11470108B2 (en) | 2020-04-23 | 2022-10-11 | Abnormal Security Corporation | Detection and prevention of external fraud |
US11706247B2 (en) | 2020-04-23 | 2023-07-18 | Abnormal Security Corporation | Detection and prevention of external fraud |
US11496505B2 (en) | 2020-04-23 | 2022-11-08 | Abnormal Security Corporation | Detection and prevention of external fraud |
US11528242B2 (en) | 2020-10-23 | 2022-12-13 | Abnormal Security Corporation | Discovering graymail through real-time analysis of incoming email |
US11683284B2 (en) | 2020-10-23 | 2023-06-20 | Abnormal Security Corporation | Discovering graymail through real-time analysis of incoming email |
US11704406B2 (en) | 2020-12-10 | 2023-07-18 | Abnormal Security Corporation | Deriving and surfacing insights regarding security threats |
US11687648B2 (en) | 2020-12-10 | 2023-06-27 | Abnormal Security Corporation | Deriving and surfacing insights regarding security threats |
US11831661B2 (en) | 2021-06-03 | 2023-11-28 | Abnormal Security Corporation | Multi-tiered approach to payload detection for incoming communications |
US11973772B2 (en) | 2022-02-22 | 2024-04-30 | Abnormal Security Corporation | Multistage analysis of emails to identify security threats |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20100318614A1 (en) | Displaying User Profile and Reputation with a Communication Message | |
US20230030475A1 (en) | User interface for email inbox to call attention differently to different classes of email | |
US11159523B2 (en) | Rapid identification of message authentication | |
US11595336B2 (en) | Detecting of business email compromise | |
US8073910B2 (en) | User interface for email inbox to call attention differently to different classes of email | |
US9143476B2 (en) | Real-time classification of email message traffic | |
Ellison | Ceremony design and analysis | |
US8296245B2 (en) | Method and system for creation and validation of anonymous digital credentials | |
US7831522B1 (en) | Evaluating relying parties | |
US8285798B2 (en) | System and method for the management of message policy | |
US7917757B2 (en) | Method and system for authentication of electronic communications | |
US20060123476A1 (en) | System and method for warranting electronic mail using a hybrid public key encryption scheme | |
US7444380B1 (en) | Method and system for dispensing and verification of permissions for delivery of electronic messages | |
US20090106557A1 (en) | Methods and systems for indicating trustworthiness of secure communications | |
JP2005507106A (en) | Verification of person identifiers received online | |
Schryen | Anti-spam measures | |
JP2006521622A (en) | Control and management of electronic messages | |
GB2405234A (en) | E-mail message filtering method for excluding spam | |
US11329986B2 (en) | System for centralized certification of electronic communications | |
Seigneur | Social trust of virtual identities | |
Bergström et al. | Public certificate management: An analysis of policies and practices used by CAs | |
GB2405004A (en) | Electronic message filtering | |
Hansen et al. | DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations | |
Hansen et al. | RFC 5863: DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: AGITOS WEBSOLUTIONS GMBH & CO. KG, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SAGER, FLORIAN;HEINDL, BERNHARD;HEINDL, CHRISTIAN;SIGNING DATES FROM 20100403 TO 20100412;REEL/FRAME:024355/0699 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |